jekyll-kw-sri 0.0.1 → 0.0.6
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +36 -14
- data/lib/jekyll-kw-sri.rb +17 -17
- data/lib/jekyll-kw-sri/parser.rb +1 -1
- data/lib/version.rb +1 -1
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 8105f15bb469e5ce9f911724cca9d4c0f91a5c5562c57cf19d0175c99f1f6937
|
|
4
|
+
data.tar.gz: 56ec904adb6f25f4e837d7666b25a6beda5fee4ce6fc61d731fee22354442282
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 4c295991eb27a6f634f2781f6016d94e66651a067d0f25eaf961e6e3d3ea9597cec1793756eb34969609e7dc41627f787498a8745948bfc866c87609a67697ba
|
|
7
|
+
data.tar.gz: 802d07f5d15b93bbccc0af363e33ebff5752a7e8764bb1679a7e15e7d28f3445c90adf8eac26b3fe7a3d789ef9712619368be74e97d53ca092fd122f75838a31
|
data/README.md
CHANGED
|
@@ -1,5 +1,7 @@
|
|
|
1
1
|
# jekyll-kw-sri
|
|
2
2
|
|
|
3
|
+
[](https://badge.fury.io/rb/jekyll-kw-sri)
|
|
4
|
+
|
|
3
5
|
A plugin for jekyll to calculate [Subresource Integrity][Wikipedia SRI] (SRI) hashes for CSS (even SCSS and SASS) and JS files during build time.
|
|
4
6
|
|
|
5
7
|
> **Subresource Integrity** (SRI) is a security feature that enables browsers to verify that resources they fetch (for example, from a CDN) are delivered without unexpected manipulation. It works by allowing you to provide a cryptographic hash that a fetched resource must match.
|
|
@@ -8,7 +10,7 @@ from [Mozilla docs][Mozilla Subresource Integrity]
|
|
|
8
10
|
|
|
9
11
|
## Configuration
|
|
10
12
|
|
|
11
|
-
Add `kw-sri` section to `_config.yml` configure the plugin globally.
|
|
13
|
+
Add `kw-sri` section to `_config.yml` configure the plugin globally. If you want to use defauls you can ommit the config-section.
|
|
12
14
|
|
|
13
15
|
```yaml
|
|
14
16
|
kw-sri:
|
|
@@ -25,18 +27,46 @@ kw-sri:
|
|
|
25
27
|
| hash_type | Which kind of integrity hash | sha256, **sha384**, sha512 |
|
|
26
28
|
| write_source_mapping_url | Add the map-file like to the css | false, **true** |
|
|
27
29
|
|
|
28
|
-
|
|
30
|
+
## Action Items / Shell commands
|
|
29
31
|
|
|
30
|
-
|
|
32
|
+
Run linting and tests
|
|
31
33
|
|
|
32
|
-
|
|
34
|
+
```sh
|
|
35
|
+
bundle exec rubocop
|
|
36
|
+
bundle exec rake test
|
|
37
|
+
```
|
|
33
38
|
|
|
34
|
-
|
|
39
|
+
Build gem package
|
|
35
40
|
|
|
36
41
|
```sh
|
|
37
|
-
bundle exec rake
|
|
42
|
+
bundle exec rake build
|
|
43
|
+
```
|
|
44
|
+
|
|
45
|
+
Publish gem package
|
|
46
|
+
|
|
47
|
+
```sh
|
|
48
|
+
bundle exec rake release
|
|
49
|
+
```
|
|
50
|
+
|
|
51
|
+
Calc a SRI Integrity hash of `./style.css` in format `sha256`
|
|
52
|
+
|
|
53
|
+
```shell
|
|
54
|
+
openssl dgst -sha256 -binary ./style.css | openssl base64 -A
|
|
55
|
+
```
|
|
56
|
+
|
|
57
|
+
Calc different **SRI integrity** hash-files from `css-files` (same is valid for `js-files`) in format `sha256`, `sha384` and `sha512` inside a **Makefile**
|
|
58
|
+
|
|
59
|
+
```plain
|
|
60
|
+
calc-integrity-files:
|
|
61
|
+
for strength in 256 384 512 ; do \
|
|
62
|
+
cat ./assets/css/style.min.css | openssl dgst -sha$$strength -binary | openssl base64 -A > ./_includes/integrity/style.min.css.sha$$strength ; \
|
|
63
|
+
cat ./assets/css/main.css | openssl dgst -sha$$strength -binary | openssl base64 -A > ./_includes/integrity/main.css.sha$$strength ; \
|
|
64
|
+
cat ./assets/js/script.js | openssl dgst -sha$$strength -binary | openssl base64 -A > ./_includes/integrity/script.js.sha$$strength ; \
|
|
65
|
+
done
|
|
38
66
|
```
|
|
39
67
|
|
|
68
|
+
## Notes / Hints
|
|
69
|
+
|
|
40
70
|
### Appraisal - Gemfile Generator
|
|
41
71
|
|
|
42
72
|
[GitHub](https://github.com/thoughtbot/appraisal)
|
|
@@ -48,8 +78,6 @@ bundle exec rake test
|
|
|
48
78
|
bundle exec appraisal generate
|
|
49
79
|
```
|
|
50
80
|
|
|
51
|
-
## Notes / Hints
|
|
52
|
-
|
|
53
81
|
### Site context is empty
|
|
54
82
|
|
|
55
83
|
Inside the `render(context)` function of a `Liquid::Tag` there is a context object. With that context you can get the `site` object, anyhow when you want to cretae your temporry **site** and **context** you need a workaround.
|
|
@@ -90,12 +118,6 @@ converter = if defined? site.find_converter_instance
|
|
|
90
118
|
end
|
|
91
119
|
```
|
|
92
120
|
|
|
93
|
-
## SRI Integrity
|
|
94
|
-
|
|
95
|
-
```shell
|
|
96
|
-
openssl dgst -sha256 -binary ./style.css | openssl base64 -A
|
|
97
|
-
```
|
|
98
|
-
|
|
99
121
|
## Setup Steps
|
|
100
122
|
|
|
101
123
|
```sh
|
data/lib/jekyll-kw-sri.rb
CHANGED
|
@@ -10,15 +10,14 @@ module Jekyll
|
|
|
10
10
|
# jekyll-kw-sri custom tag
|
|
11
11
|
class SriScssHashTag < Jekyll::Tags::IncludeRelativeTag
|
|
12
12
|
# class SriScssHashTag < Liquid::Tag
|
|
13
|
+
|
|
14
|
+
# alias super_render render
|
|
15
|
+
|
|
13
16
|
def initialize(tag_name, input, tokens)
|
|
14
17
|
super
|
|
15
18
|
|
|
16
19
|
raise 'Please enter a file path' if input.length <= 0
|
|
17
|
-
|
|
18
|
-
@scss_file = strip_or_self(input)
|
|
19
20
|
# File.exists? is file?
|
|
20
|
-
|
|
21
|
-
@tag_name = tag_name
|
|
22
21
|
end
|
|
23
22
|
|
|
24
23
|
# def syntax_example
|
|
@@ -26,11 +25,6 @@ module Jekyll
|
|
|
26
25
|
# end
|
|
27
26
|
|
|
28
27
|
def render(context)
|
|
29
|
-
# return '' unless context.registers[:page]['sri']
|
|
30
|
-
|
|
31
|
-
# # Read the global configuration
|
|
32
|
-
# @sri_config = context.registers[:site].config['kw-sri'] || {}
|
|
33
|
-
|
|
34
28
|
cache_compiled_scss(@file, context, lambda {
|
|
35
29
|
if context.nil? || context.registers[:site].nil?
|
|
36
30
|
puts 'WARNING: There was no context, generate default site and context'
|
|
@@ -38,15 +32,25 @@ module Jekyll
|
|
|
38
32
|
context = Liquid::Context.new({}, {}, { site: site })
|
|
39
33
|
else
|
|
40
34
|
site = context.registers[:site]
|
|
35
|
+
# Read the global configuration
|
|
36
|
+
@sri_config = context.registers[:site].config['kw-sri'] || {}
|
|
41
37
|
end
|
|
42
38
|
|
|
39
|
+
# Render the context with the base-class
|
|
43
40
|
converter = site.find_converter_instance(Jekyll::Converters::Scss)
|
|
44
|
-
|
|
45
|
-
result = super(context)
|
|
41
|
+
result = super(context) # super_render(context)
|
|
46
42
|
scss = result.gsub(/^---.*---/m, '')
|
|
47
43
|
data = converter.convert(scss)
|
|
48
44
|
|
|
49
|
-
|
|
45
|
+
# Get path out of the file object
|
|
46
|
+
file = render_variable(context) || @file
|
|
47
|
+
validate_file_name(file)
|
|
48
|
+
path = locate_include_file(context, file, site.safe)
|
|
49
|
+
|
|
50
|
+
# Use default config for kw-sri if it is nil
|
|
51
|
+
@sri_config ||= Jekyll::KargWare::Integrity::Configuration::DEFAULT_CONFIG
|
|
52
|
+
|
|
53
|
+
Integrity::Parser.new(@sri_config).calc_integrity(path, data)
|
|
50
54
|
})
|
|
51
55
|
end
|
|
52
56
|
|
|
@@ -66,11 +70,7 @@ module Jekyll
|
|
|
66
70
|
end
|
|
67
71
|
end
|
|
68
72
|
|
|
69
|
-
#
|
|
70
|
-
def strip_or_self(str)
|
|
71
|
-
str.strip! || str
|
|
72
|
-
end
|
|
73
|
-
|
|
73
|
+
# Register the sccs file as include folder
|
|
74
74
|
def tag_includes_dirs(context)
|
|
75
75
|
[context.registers[:site].source].freeze
|
|
76
76
|
end
|
data/lib/jekyll-kw-sri/parser.rb
CHANGED
|
@@ -19,7 +19,7 @@ module Jekyll
|
|
|
19
19
|
data_modified = add_source_mapping_url(filename, data)
|
|
20
20
|
|
|
21
21
|
# Debuging, save rendered css file as tmp file
|
|
22
|
-
File.open("
|
|
22
|
+
File.open("#{filename}.tmp", 'w') { |file| file.write(data_modified) } if @configuration.create_tmpfile
|
|
23
23
|
|
|
24
24
|
case hash_type
|
|
25
25
|
when 'sha256'
|
data/lib/version.rb
CHANGED