ssri 5.0.0

Various utilities for handling Subresource Integrity.
Documentation

ssri

ssri, short for Standard Subresource Integrity, is a Rust library for parsing, manipulating, serializing, generating, and verifying Subresource Integrity hashes.

Example

Parse a string as Integrity to convert it to a struct:

use ssri::Integrity;

let source = "sha256-uU0nuZNNPgilLlLX2n2r+sSE7+N6U4DukIj3rOLvzek=";

let parsed: Integrity = source.parse().unwrap();
assert_eq!(parsed.to_string(), source)

Generating a new hash from file data:

use ssri::Integrity;

// By default, generates Integrity as Sha256.
// Use IntegrityOpts to pick the algorithm yourself.
let sri = Integrity::from(b"hello world");
assert_eq!(sri.to_string(), "sha256-uU0nuZNNPgilLlLX2n2r+sSE7+N6U4DukIj3rOLvzek=");

Verifying data against an SRI:

use ssri::{Integrity, Algorithm};

let sri = Integrity::from(b"hello world");
assert_eq!(sri.check(b"hello world").unwrap(), Algorithm::Sha256);

You can also use IntegrityOpts and IntegrityChecker to generate and check subresource integrity, respectively. These allow things like multiple algorithms, and incremental/streamed data input.

Install

Using cargo-edit

$ cargo add ssri

Documentation

Features

  • Parses and stringifies Subresource Integrity strings.
  • Generates SRI strings from raw data.
  • Strict standard compliance.
  • Multiple entries for the same algorithm.

Contributing

The ssri team enthusiastically welcomes contributions and project participation! There's a bunch of things you can do if you want to contribute! The Contributor Guide has all the information you need for everything from reporting bugs to contributing entire new features. Please don't hesitate to jump in if you'd like to, or even ask us questions if something isn't clear.

All participants and maintainers in this project are expected to follow Code of Conduct, and just generally be excellent to each other.

Happy hacking!

License

This project is licensed under the Parity License. Third-party contributions are licensed under Apache-2.0 and belong to their respective authors.

The Parity License is a copyleft license that, unlike the GPL family, allows you to license derivative and connected works under permissive licenses like MIT or Apache-2.0. It's free to use provided the work you do is freely available!

For proprietary use, please contact me, or just sponsor me on GitHub under the appropriate tier to acquire a proprietary-use license! This funding model helps me make my work sustainable and compensates me for the work it took to write this crate!