Merge pull request #135 from ppfeufer/integrity-hashes

[ADD] Integrity hashes for static CSS and JS files
ppfeufer · Dec 16, 2024 · 3bab6bf · 3bab6bf
2 parents 49b8a9c + 8fe31a9
commit 3bab6bf
Show file tree

Hide file tree

Showing 10 changed files with 71 additions and 13 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -35,6 +35,10 @@ Section Order:
 ### Security
 -->
 
+### Added
+
+- Integrity hashes for static CSS and JS files
+
 ### Fixed
 
 - Search field positioning in the DataTables

diff --git a/aa_intel_tool/templates/aa_intel_tool/bundles/aa-intel-tool-chatscan-highlight-js.html b/aa_intel_tool/templates/aa_intel_tool/bundles/aa-intel-tool-chatscan-highlight-js.html
@@ -0,0 +1,7 @@
+{% load aa_intel_tool %}
+
+<script
+    src="{% aa_intel_tool_static 'aa_intel_tool/javascript/aa-intel-tool-chatscan-highlight.min.js' %}"
+    integrity="sha512-YzcjTrdeTHKUjG7l1ZGvlNPG5avThGCbGX6GrqfCmWzgNt+fRLfA3DcESh+POA9ikPzuPCk9apcU4RTvcyZCPA=="
+    crossorigin="anonymous"
+></script>
diff --git a/aa_intel_tool/templates/aa_intel_tool/bundles/aa-intel-tool-chatscan-js.html b/aa_intel_tool/templates/aa_intel_tool/bundles/aa-intel-tool-chatscan-js.html
@@ -1,5 +1,12 @@
 {% load aa_intel_tool %}
 
-<script src="{% aa_intel_tool_static 'aa_intel_tool/javascript/aa-intel-tool-scan-result-common.min.js' %}"></script>
-<script src="{% aa_intel_tool_static 'aa_intel_tool/javascript/aa-intel-tool-chatscan-highlight.min.js' %}"></script>
-<script src="{% aa_intel_tool_static 'aa_intel_tool/javascript/aa-intel-tool-chatscan.min.js' %}"></script>
+{% if not common_already_loaded %}
+    {% include "aa_intel_tool/bundles/aa-intel-tool-scan-result-common-js.html" %}
+    {% include "aa_intel_tool/bundles/aa-intel-tool-chatscan-highlight-js.html" %}
+{% endif %}
+
+<script
+    src="{% aa_intel_tool_static 'aa_intel_tool/javascript/aa-intel-tool-chatscan.min.js' %}"
+    integrity="sha512-3w6cQGZMA6DTVxEpi7iiY6cuBw1/6A05UzW3WBO0SJfYEKxy5n758TUeQN7HcukBaHnqBBEMMT2No2+8VtnYCw=="
+    crossorigin="anonymous"
+></script>
diff --git a/aa_intel_tool/templates/aa_intel_tool/bundles/aa-intel-tool-css.html b/aa_intel_tool/templates/aa_intel_tool/bundles/aa-intel-tool-css.html
@@ -1,3 +1,8 @@
 {% load aa_intel_tool %}
 
-<link rel="stylesheet" href="{% aa_intel_tool_static 'aa_intel_tool/css/aa-intel-tool.min.css' %}">
+<link
+    rel="stylesheet"
+    href="{% aa_intel_tool_static 'aa_intel_tool/css/aa-intel-tool.min.css' %}"
+    integrity="sha512-RSNyeAUaR9ZA59om8JlmtMbVW3wYBcqRc+UFpVbdsS1QHvSLUYWPvMRbN2bpSJ25OoKeK1QVVuPWgzzbKsb/Lw=="
+    crossorigin="anonymous"
+>
diff --git a/aa_intel_tool/templates/aa_intel_tool/bundles/aa-intel-tool-dscan-highlight-js.html b/aa_intel_tool/templates/aa_intel_tool/bundles/aa-intel-tool-dscan-highlight-js.html
@@ -0,0 +1,7 @@
+{% load aa_intel_tool %}
+
+<script
+    src="{% aa_intel_tool_static 'aa_intel_tool/javascript/aa-intel-tool-dscan-highlight.min.js' %}"
+    integrity="sha512-YJVl7QxRc/s/zl/pzv0cFKKqK0lUa/Xd2L7huOu+/AeARYMB6IQQjYksr5wfGwsIbo52tm4StpZZZ4ouNX0ftQ=="
+    crossorigin="anonymous"
+></script>
diff --git a/aa_intel_tool/templates/aa_intel_tool/bundles/aa-intel-tool-dscan-js.html b/aa_intel_tool/templates/aa_intel_tool/bundles/aa-intel-tool-dscan-js.html
@@ -1,5 +1,10 @@
 {% load aa_intel_tool %}
 
-<script src="{% aa_intel_tool_static 'aa_intel_tool/javascript/aa-intel-tool-scan-result-common.min.js' %}"></script>
-<script src="{% aa_intel_tool_static 'aa_intel_tool/javascript/aa-intel-tool-dscan-highlight.min.js' %}"></script>
-<script src="{% aa_intel_tool_static 'aa_intel_tool/javascript/aa-intel-tool-dscan.min.js' %}"></script>
+{% include "aa_intel_tool/bundles/aa-intel-tool-scan-result-common-js.html" %}
+{% include "aa_intel_tool/bundles/aa-intel-tool-dscan-highlight-js.html" %}
+
+<script
+    src="{% aa_intel_tool_static 'aa_intel_tool/javascript/aa-intel-tool-dscan.min.js' %}"
+    integrity="sha512-cq8LdM4xZUL4EKJX3wQD4e9BmfxSSPGtdUHkGz2nBfTN1YurQtfv70mfAX4dtp9owVEDgcW+z6jxUsVeaMPGDQ=="
+    crossorigin="anonymous"
+></script>
diff --git a/aa_intel_tool/templates/aa_intel_tool/bundles/aa-intel-tool-fleetcomp-js.html b/aa_intel_tool/templates/aa_intel_tool/bundles/aa-intel-tool-fleetcomp-js.html
@@ -1,10 +1,15 @@
 {% load aa_intel_tool %}
 
-<script src="{% aa_intel_tool_static 'aa_intel_tool/javascript/aa-intel-tool-scan-result-common.min.js' %}"></script>
-<script src="{% aa_intel_tool_static 'aa_intel_tool/javascript/aa-intel-tool-fleetcomposition-highlight.min.js' %}"></script>
-<script src="{% aa_intel_tool_static 'aa_intel_tool/javascript/aa-intel-tool-fleetcomposition.min.js' %}"></script>
+{% include "aa_intel_tool/bundles/aa-intel-tool-scan-result-common-js.html" %}
+{% include "aa_intel_tool/bundles/aa-intel-tool-fleetcomposition-highlight-js.html" %}
+
+<script
+    src="{% aa_intel_tool_static 'aa_intel_tool/javascript/aa-intel-tool-fleetcomposition.min.js' %}"
+    integrity="sha512-SgcJjGvpaGwhOjyqcLzyvjVAN7WAMupkfQv65J7N1Lc1vlAkWUBoFfWpuQ1GO/fozky3OlaUIEch/mYKuxzxoQ=="
+    crossorigin="anonymous"
+></script>
 
 {% if app_settings.INTELTOOL_ENABLE_MODULE_CHATSCAN %}
-    <script src="{% aa_intel_tool_static 'aa_intel_tool/javascript/aa-intel-tool-chatscan-highlight.min.js' %}"></script>
-    <script src="{% aa_intel_tool_static 'aa_intel_tool/javascript/aa-intel-tool-chatscan.min.js' %}"></script>
+    {% include "aa_intel_tool/bundles/aa-intel-tool-chatscan-highlight-js.html" with common_already_loaded=True %}
+    {% include "aa_intel_tool/bundles/aa-intel-tool-chatscan-js.html" with common_already_loaded=True %}
 {% endif %}
diff --git a/...tel_tool/templates/aa_intel_tool/bundles/aa-intel-tool-fleetcomposition-highlight-js.html b/...tel_tool/templates/aa_intel_tool/bundles/aa-intel-tool-fleetcomposition-highlight-js.html
@@ -0,0 +1,7 @@
+{% load aa_intel_tool %}
+
+<script
+    src="{% aa_intel_tool_static 'aa_intel_tool/javascript/aa-intel-tool-fleetcomposition-highlight.min.js' %}"
+    integrity="sha512-1w8LRjOY6utLCWH8BaLRUV1aS5+E6gEUVvlUNv13amsiA2DlQlB8RpA/zqAU0OIsGPVqly5yqUtkc/KlWYt5cA=="
+    crossorigin="anonymous"
+></script>
diff --git a/aa_intel_tool/templates/aa_intel_tool/bundles/aa-intel-tool-js.html b/aa_intel_tool/templates/aa_intel_tool/bundles/aa-intel-tool-js.html
@@ -1,3 +1,7 @@
 {% load aa_intel_tool %}
 
-<script src="{% aa_intel_tool_static 'aa_intel_tool/javascript/aa-intel-tool.min.js' %}"></script>
+<script
+    src="{% aa_intel_tool_static 'aa_intel_tool/javascript/aa-intel-tool.min.js' %}"
+    integrity="sha512-BlayqocQIdp4NgQC1sXiDBs/NgOkrqby7mJgIk74i77S/yFrOeY6rHwlF55wCT4jM72aTBwgnad8ypkbkElxoA=="
+    crossorigin="anonymous"
+></script>
diff --git a/aa_intel_tool/templates/aa_intel_tool/bundles/aa-intel-tool-scan-result-common-js.html b/aa_intel_tool/templates/aa_intel_tool/bundles/aa-intel-tool-scan-result-common-js.html
@@ -0,0 +1,7 @@
+{% load aa_intel_tool %}
+
+<script
+    src="{% aa_intel_tool_static 'aa_intel_tool/javascript/aa-intel-tool-scan-result-common.min.js' %}"
+    integrity="sha512-drBg9SRxkGYfVnPCgylJ291qgNyTYJ0rBkJcCAnoRgry0gm7j7APAFv7KvIoxjB5ms0EoBBrWiCnYZJ83BSCGQ=="
+    crossorigin="anonymous"
+></script>