From 51e75a610d9821a7c0a2efd2a916afc44d131572 Mon Sep 17 00:00:00 2001
From: Daniel Scalzi
Date: Tue, 16 May 2017 02:12:28 -0400
Subject: [PATCH] Added forge checksum validations.
---
 app/assets/js/assetguard.js | 111 ++++++++++++++++++++++++++++++---
 app/assets/js/launchprocess.js | 2 +-
 package.json | 2 +-
 3 files changed, 104 insertions(+), 11 deletions(-)
diff --git a/app/assets/js/assetguard.js b/app/assets/js/assetguard.js
index edf51098..aa502aaf 100644
--- a/app/assets/js/assetguard.js
+++ b/app/assets/js/assetguard.js
@@ -28,6 +28,7 @@ const path = require('path')
 const mkpath = require('mkdirp');
 const async = require('async')
 const crypto = require('crypto')
+const AdmZip = require('adm-zip')
 const EventEmitter = require('events');
 const {remote} = require('electron')
 
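Review bot: The added `const AdmZip = require('adm-zip')` brings a third-party archive parser into the asset validator, and the only call path visible later in this patch runs it on files whose integrity is not yet established: `_validateForgeChecksum` falls through to `_validateForgeJar`, which calls `new AdmZip(buf)`, only after the jar's sha1 was not found in the index. The require line deserves a comment that records this, for example `// adm-zip opens jars that failed the sha1 lookup: treat archive contents as untrusted input`. The body of `_validateForgeJar` is cut off in the visible part of the patch, so it cannot be confirmed here whether a parse error on a malformed archive is caught and reported as a failed validation rather than propagating. The package.json hunk is not visible either; pinning `adm-zip` to an exact version there would keep the parser that handles these files from changing unnoticed.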
@@ -155,6 +156,37 @@ const instance = new AssetGuard() // Utility Functions +/** + * Calculates the hash for a file using the specified algorithm. + * + * @param {Buffer} buf - the buffer containing file data. + * @param {String} algo - the hash algorithm. + * @returns {String} - the calculated hash in hex. + */ +function _calculateHash(buf, algo){ + return crypto.createHash(algo).update(buf).digest('hex') +} + +/** + * Used to parse a checksums file. This is specifically designed for + * the checksums.sha1 files found inside the forge scala dependencies. + * + * @param {String} content - the string content of the checksums file. + * @returns {Object} - an object with keys being the file names, and values being the hashes. + */ +function _parseChecksumsFile(content){ + let finalContent = {} + let lines = content.split('\n') + for(let i=0; i} checksums - the checksums listed in the forge version index. + * @returns {Boolean} - true if the file exists and the hashes match, otherwise false. + */ +function _validateForgeChecksum(filePath, checksums){ + if(fs.existsSync(filePath)){ + if(checksums == null || checksums.length === 0){ + return true + } + let buf = fs.readFileSync(filePath) + let calcdhash = _calculateHash(buf, 'sha1') + let valid = checksums.includes(calcdhash) + if(!valid && filePath.endsWith('.jar')){ + valid = _validateForgeJar(filePath, checksums) + } + return valid + } + return false +} + +/** + * Validates a forge jar file dependency who declares a checksums.sha1 file. + * This can be an expensive task as it usually requires that we calculate thousands + * of hashes. + * + * @param {Buffer} buf - the buffer of the jar file. + * @param {Array.} checksums - the checksums listed in the forge version index. + * @returns {Boolean} - true if all hashes declared in the checksums.sha1 file match the actual hashes. 
+ */ +function _validateForgeJar(buf, checksums){ + + const hashes = {} + let expected = {} + + const zip = new AdmZip(buf) + const zipEntries = zip.getEntries() + + //First pass + for(let i=0; i