ssri 1.0.0 → 1.0.1

Files changed (3)
  1. checksums.yaml +4 -4
  2. data/README.md +151 -0
  3. metadata +9 -3
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: fc077f8e97a9f458076702ce2057aa7dd4403894f6dd2d38f3bf1a4e922ede72
4
- data.tar.gz: 060dd31549dad3c51dd6f25d4a710e702dfcbd907258fe7bb1ac9587702ac269
3
+ metadata.gz: 5bcbbaaaa58c7ce1f21448090117605420c4ecaaa706f3e6f23978d43fd9b1f3
4
+ data.tar.gz: 2b944d81cfbf9f0d149ba2674e6734b53b3c58f8696ba5ff1bbb6ebdb90fe6c6
5
5
  SHA512:
6
- metadata.gz: 1f17f2f6f2ffd8a5c87eed3ab2ef9e07cbc4e79c885cc21a7ee452bcb5a02d9df387602f42a011430cffccc282d5942d888f387369230c178874b9e4fe1a8fca
7
- data.tar.gz: dcc7876db22ec5d304136103c0d37d2c7c2d8ffc3fc5da2b624e2a2544fd16ee36df24c7d6066b8940e9eb28306bfb310f635020f80a7f545a6a03e0f4cc335d
6
+ metadata.gz: 99b2365377b3b46bbe2842508c436822adcfe36dfd2b705fdc9ca0f653994e0c11b1b61ddd611b5a2d37e57d6b82bf88175817c27918094d84784c9268db5f86
7
+ data.tar.gz: 222a1426e267848d6eec6c382ec1714d59d0432ebdc2521b12eb41f5f4175d19b1c6efd0369f611d216d5e73a48e1c0319e1c5efb647504c3d3fa1bf109d0c4b
data/README.md ADDED
@@ -0,0 +1,151 @@
1
+ # ssri.rb
2
+
3
+ A Ruby port of the Node.js [ssri](https://github.com/npm/ssri) library. Short for **Standard Subresource Integrity**, ssri.rb is a utility for parsing, manipulating, serializing, generating, and verifying [Subresource Integrity](https://w3c.github.io/webappsec-subresource-integrity/) hashes.
4
+
5
+ ## Requirements
6
+
7
+ - Ruby 3.3+
8
+ - No external gems required — uses Ruby's built-in `openssl` and `base64` libraries
9
+
10
+ ## Installation
11
+
12
+ Install gem via rubygems
13
+
14
+ ```
15
+ gem install ssri
16
+ ```
17
+
18
+ ```ruby
19
+ require 'ssri'
20
+ ```
21
+
22
+ ## Usage
23
+
24
+ ### Generate an integrity hash from data
25
+
26
+ ```ruby
27
+ data = File.read('index.js')
28
+ integrity = SSRI.from_data(data)
29
+ puts integrity.to_s
30
+ # => sha512-yzd8ELD1piyANiWnmdnpCL5F52f10UfUdEkHywVZeqT...
31
+ ```
32
+
33
+ ### Generate with multiple algorithms
34
+
35
+ ```ruby
36
+ integrity = SSRI.from_data(data, algorithms: ['sha256', 'sha384', 'sha512'])
37
+ puts integrity.to_s
38
+ # => sha256-l981iLWj8kur... sha384-irnCxQ0CfQhY... sha512-yzd8ELD1...
39
+ ```
40
+
41
+ ### Parse an SRI string
42
+
43
+ ```ruby
44
+ parsed = SSRI.parse('sha512-9KhgCRIx/AmzC8xqYJTZRrnO8OW2Pxyl2DIMZSBOr0o...==?foo')
45
+ puts parsed['sha512'].first.digest
46
+ puts parsed['sha512'].first.algorithm
47
+ ```
48
+
49
+ ### Verify data against an SRI string
50
+
51
+ ```ruby
52
+ sri = SSRI.from_data(data).to_s
53
+ match = SSRI.check_data(data, sri)
54
+ puts match # => truthy Hash object if verified, false if not
55
+
56
+ # Raise an error on failure instead of returning false
57
+ SSRI.check_data(data, sri, error: true)
58
+ ```
59
+
60
+ ### Incremental hashing with create
61
+
62
+ ```ruby
63
+ creator = SSRI.create(algorithms: ['sha512'])
64
+ creator.update("Hello, ")
65
+ creator.update("world!")
66
+ puts creator.digest.to_s
67
+ # => sha512-...
68
+ ```
69
+
70
+ ### Convert from a hex digest
71
+
72
+ ```ruby
73
+ integrity = SSRI.from_hex('75e69d6de79f', 'sha1')
74
+ puts integrity.to_s
75
+ # => sha1-deadbeef
76
+ ```
77
+
78
+ ### Strict mode
79
+
80
+ Strict mode enforces the SRI spec, limiting algorithms to `sha256`, `sha384`, and `sha512`, and validating digest and option formatting. Recommended for browser-facing integrity strings.
81
+
82
+ ```ruby
83
+ integrity = SSRI.from_data(data, strict: true)
84
+ puts integrity.to_s(strict: true)
85
+ ```
86
+
87
+ ### Merge two integrity objects
88
+
89
+ Safely adds new hashes to an existing integrity object. Raises an error if a shared algorithm has a mismatched digest.
90
+
91
+ ```ruby
92
+ existing = SSRI.parse('sha1-X1UT+IIv2+UUWvM7ZNjZcNz5XG4=')
93
+ stronger = SSRI.from_data(data, algorithms: ['sha512'])
94
+ existing.merge(stronger)
95
+ puts existing.to_s
96
+ # => sha1-X1UT+... sha512-yzd8ELD1...
97
+ ```
98
+
99
+ ### Concatenate two integrity objects
100
+
101
+ ```ruby
102
+ integrity_a = SSRI.from_data(File.read('index.desktop.js'))
103
+ integrity_b = SSRI.from_data(File.read('index.mobile.js'))
104
+ combined = integrity_a.concat(integrity_b)
105
+ puts combined.to_s
106
+ ```
107
+
108
+ ## API Reference
109
+
110
+ ### Module methods
111
+
112
+ | Method | Description |
113
+ |---|---|
114
+ | `SSRI.parse(sri, opts)` | Parse an SRI string into an `Integrity` object |
115
+ | `SSRI.stringify(obj, opts)` | Serialize an `Integrity` or `Hash` object to a string |
116
+ | `SSRI.from_data(data, opts)` | Generate an `Integrity` object from a string or binary data |
117
+ | `SSRI.from_hex(hex, algorithm, opts)` | Generate an `Integrity` object from a hex digest |
118
+ | `SSRI.check_data(data, sri, opts)` | Verify data against an SRI value |
119
+ | `SSRI.create(opts)` | Return an incremental hasher with `update` and `digest` methods |
120
+
121
+ ### Options
122
+
123
+ | Option | Type | Description |
124
+ |---|---|---|
125
+ | `:algorithms` | Array | Algorithms to use, e.g. `['sha256', 'sha512']`. Default: `['sha512']` |
126
+ | `:strict` | Boolean | Enforce strict SRI spec compliance |
127
+ | `:single` | Boolean | Return a single `Hash` object instead of an `Integrity` object |
128
+ | `:sep` | String | Separator between entries in `to_s`. Default: `' '` |
129
+ | `:options` | Array | SRI option strings appended as `?foo?bar` |
130
+ | `:error` | Boolean | Raise on verification failure instead of returning `false` |
131
+ | `:size` | Integer | Expected byte size, checked during `check_data` |
132
+ | `:pick_algorithm` | Proc | Custom algorithm priority function, receives two algo strings |
133
+
134
+ ### Errors
135
+
136
+ | Error | Code | Raised when |
137
+ |---|---|---|
138
+ | `SSRI::IntegrityError` | `EINTEGRITY` | Digest mismatch during verification |
139
+ | `SSRI::SizeMismatchError` | `EBADSIZE` | Data size doesn't match expected size |
140
+
141
+ ## Not implemented
142
+
143
+ The following features from the original Node.js library were not ported, as they rely on Node.js streams:
144
+
145
+ - `fromStream`
146
+ - `checkStream`
147
+ - `integrityStream`
148
+
149
+ ## License
150
+
151
+ MIT
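Review bot: The "Verify data against an SRI string" example computes `sri` from the same `data` it then passes to `SSRI.check_data`, so the check can never fail and the example does not show verification against a trusted value. Suggest taking the expected string from a pinned source (a lockfile entry or a literal) and leading with the `error: true` form, since the default documented here returns `false` and a caller that ignores the return value carries on with unverified data. The `from_hex` and merge examples also use `sha1`, which the Strict mode section places outside the spec's `sha256`, `sha384` and `sha512` set. A sentence on which digest `check_data` compares when an integrity string carries several algorithms, and how `:pick_algorithm` changes that, would tell readers whether a merged `sha1` entry can ever be the one that decides the result.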
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: ssri
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.0.0
4
+ version: 1.0.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - ssanoop
@@ -15,8 +15,10 @@ description: A Ruby port of the Node.js ssri library for parsing, generating and
15
15
  email: samsanoop@outlook.com
16
16
  executables: []
17
17
  extensions: []
18
- extra_rdoc_files: []
18
+ extra_rdoc_files:
19
+ - README.md
19
20
  files:
21
+ - README.md
20
22
  - lib/ssri.rb
21
23
  - lib/ssri/constants.rb
22
24
  - lib/ssri/errors.rb
@@ -26,7 +28,11 @@ files:
26
28
  homepage:
27
29
  licenses:
28
30
  - MIT
29
- metadata: {}
31
+ metadata:
32
+ source_code_uri: https://gitlab.com/ssanoop/ssri
33
+ homepage_uri: https://gitlab.com/ssanoop/ssri
34
+ changelog_uri: https://gitlab.com/ssanoop/ssri/-/blob/main/CHANGELOG.md
35
+ documentation_uri: https://gitlab.com/ssanoop/ssri/-/blob/main/README.md
30
36
  post_install_message:
31
37
  rdoc_options: []
32
38
  require_paths:
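Review bot: The `metadata:` block added here sets `homepage_uri`, but the top-level `homepage:` in the unchanged context above it is still empty; set `spec.homepage` to the same GitLab URL so the two fields agree. The four keys added do not include `rubygems_mfa_required: 'true'`, and this block is where it would go. `changelog_uri` points at CHANGELOG.md while the `files:` hunk adds only README.md, so it is worth confirming that the changelog exists in the repository.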