isomorphic-git 1.37.4 → 1.37.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/index.cjs +22 -7
- package/index.js +15 -7
- package/index.umd.min.js +1 -1
- package/index.umd.min.js.map +1 -1
- package/managers/index.cjs +20 -5
- package/managers/index.js +13 -5
- package/managers/index.umd.min.js +1 -1
- package/managers/index.umd.min.js.map +1 -1
- package/package.json +1 -1
package/managers/index.cjs
CHANGED
|
@@ -9,6 +9,7 @@ var AsyncLock = _interopDefault(require('async-lock'));
|
|
|
9
9
|
var Hash = _interopDefault(require('sha.js/sha1.js'));
|
|
10
10
|
var crc32 = _interopDefault(require('crc-32'));
|
|
11
11
|
var pako = _interopDefault(require('pako'));
|
|
12
|
+
var crypto$1 = require('crypto');
|
|
12
13
|
|
|
13
14
|
/**
|
|
14
15
|
* @typedef {Object} GitProgressEvent
|
|
@@ -4132,6 +4133,19 @@ function readPackIndex({
|
|
|
4132
4133
|
return p
|
|
4133
4134
|
}
|
|
4134
4135
|
|
|
4136
|
+
const SHA1_CHUNK_SIZE = 8 * 1024 * 1024;
|
|
4137
|
+
|
|
4138
|
+
async function shasumRange(
|
|
4139
|
+
buffer,
|
|
4140
|
+
{ start = 0, end = buffer.length } = {}
|
|
4141
|
+
) {
|
|
4142
|
+
const hash = crypto$1.createHash('sha1');
|
|
4143
|
+
for (let i = start; i < end; i += SHA1_CHUNK_SIZE) {
|
|
4144
|
+
hash.update(buffer.subarray(i, Math.min(i + SHA1_CHUNK_SIZE, end)));
|
|
4145
|
+
}
|
|
4146
|
+
return hash.digest('hex')
|
|
4147
|
+
}
|
|
4148
|
+
|
|
4135
4149
|
async function readObjectPacked({
|
|
4136
4150
|
fs,
|
|
4137
4151
|
cache,
|
|
@@ -4185,11 +4199,12 @@ async function readObjectPacked({
|
|
|
4185
4199
|
)
|
|
4186
4200
|
}
|
|
4187
4201
|
|
|
4188
|
-
// 2. Deep Integrity Check: Calculate actual SHA-1 of packfile payload
|
|
4189
|
-
//
|
|
4190
|
-
|
|
4191
|
-
|
|
4192
|
-
|
|
4202
|
+
// 2. Deep Integrity Check: Calculate actual SHA-1 of packfile payload.
|
|
4203
|
+
// The Node package build swaps in a chunked implementation for large packs.
|
|
4204
|
+
const actualPayloadSha = await shasumRange(pack, {
|
|
4205
|
+
start: 0,
|
|
4206
|
+
end: pack.length - 20,
|
|
4207
|
+
});
|
|
4193
4208
|
if (actualPayloadSha !== expectedShaFromIndex) {
|
|
4194
4209
|
throw new InternalError(
|
|
4195
4210
|
`Packfile payload corrupted: calculated ${actualPayloadSha} but expected ${expectedShaFromIndex}. The packfile may have been tampered with.`
|
package/managers/index.js
CHANGED
|
@@ -4126,6 +4126,13 @@ function readPackIndex({
|
|
|
4126
4126
|
return p
|
|
4127
4127
|
}
|
|
4128
4128
|
|
|
4129
|
+
async function shasumRange(
|
|
4130
|
+
buffer,
|
|
4131
|
+
{ start = 0, end = buffer.length } = {}
|
|
4132
|
+
) {
|
|
4133
|
+
return shasum(buffer.subarray(start, end))
|
|
4134
|
+
}
|
|
4135
|
+
|
|
4129
4136
|
async function readObjectPacked({
|
|
4130
4137
|
fs,
|
|
4131
4138
|
cache,
|
|
@@ -4179,11 +4186,12 @@ async function readObjectPacked({
|
|
|
4179
4186
|
)
|
|
4180
4187
|
}
|
|
4181
4188
|
|
|
4182
|
-
// 2. Deep Integrity Check: Calculate actual SHA-1 of packfile payload
|
|
4183
|
-
//
|
|
4184
|
-
|
|
4185
|
-
|
|
4186
|
-
|
|
4189
|
+
// 2. Deep Integrity Check: Calculate actual SHA-1 of packfile payload.
|
|
4190
|
+
// The Node package build swaps in a chunked implementation for large packs.
|
|
4191
|
+
const actualPayloadSha = await shasumRange(pack, {
|
|
4192
|
+
start: 0,
|
|
4193
|
+
end: pack.length - 20,
|
|
4194
|
+
});
|
|
4187
4195
|
if (actualPayloadSha !== expectedShaFromIndex) {
|
|
4188
4196
|
throw new InternalError(
|
|
4189
4197
|
`Packfile payload corrupted: calculated ${actualPayloadSha} but expected ${expectedShaFromIndex}. The packfile may have been tampered with.`
|