feat(size): calculate and update stream sizes

npm · Apr 3, 2017 · 02ed1ad · 02ed1ad
1 parent 049b89e
commit 02ed1ad
Show file tree

Hide file tree

Showing 3 changed files with 30 additions and 2 deletions.
diff --git a/README.md b/README.md
@@ -346,6 +346,10 @@ or an error happens with `stream`, the Promise will be rejected.
 If the Promise is rejected because verification failed, the returned error will
 have `err.code` as `EBADCHECKSUM`.
 
+If `opts.size` is given, it will be matched against the stream size. An error
+with `err.code` `EBADSIZE` will be returned by a rejection if the expected size
+and actual size fail to match.
+
 If `opts.pickAlgorithm` is provided, it will be used by
 [`Integrity#pickAlgorithm`](#integrity-pick-algorithm) when deciding which of
 the available digests to match against.
@@ -385,6 +389,10 @@ against `sri`. `sri` can be any subresource integrity representation that
 If verification fails, the returned stream will error with an `EBADCHECKSUM`
 error code.
 
+If `opts.size` is given, it will be matched against the stream size. An error
+with `err.code` `EBADSIZE` will be emitted by the stream if the expected size
+and actual size fail to match.
+
 If `opts.pickAlgorithm` is provided, it will be passed two algorithms as
 arguments. ssri will prioritize whichever of the two algorithms is returned by
 this function. Note that the function may be called multiple times, and it

diff --git a/index.js b/index.js
@@ -229,23 +229,34 @@ function createCheckerStream (sri, opts) {
   const algorithm = sri.pickAlgorithm(opts)
   const digests = sri[algorithm]
   const hash = crypto.createHash(algorithm)
+  let streamSize = 0
   const stream = new Transform({
     transform: function (chunk, enc, cb) {
+      streamSize += chunk.length
       hash.update(chunk, enc)
       cb(null, chunk, enc)
     },
     flush: function (cb) {
       const digest = hash.digest('base64')
       const match = digests.find(meta => meta.digest === digest)
-      if (match) {
+      if (typeof opts.size === 'number' && streamSize !== opts.size) {
+        const err = new Error(`stream size mismatch when checking ${sri}.\n  Wanted: ${opts.size}\n  Found: ${streamSize}`)
+        err.code = 'EBADSIZE'
+        err.found = streamSize
+        err.expected = opts.size
+        err.sri = sri
+        return cb(err)
+      } else if (match) {
+        stream.emit('size', streamSize)
         stream.emit('verified', match)
         return cb()
       } else {
-        const err = new Error(`${algorithm} integrity checksum failed`)
+        const err = new Error(`${sri} integrity checksum failed when using ${algorithm}`)
         err.code = 'EBADCHECKSUM'
         err.found = digest
         err.expected = digests
         err.algorithm = algorithm
+        err.sri = sri
         return cb(err)
       }
     }

diff --git a/test/check.js b/test/check.js
@@ -160,5 +160,14 @@ test('checkStream', t => {
       })['sha384'][0],
       'picks the "strongest" available algorithm, by default'
     )
+    return ssri.checkStream(
+      fileStream(), `sha256-${hash(TEST_DATA, 'sha256')}`, {
+        size: TEST_DATA.length - 1
+      }
+    ).then(() => {
+      throw new Error('unexpected success')
+    }, err => {
+      t.equal(err.code, 'EBADSIZE', 'size check failure rejects the promise')
+    })
   })
 })