apifrom.utils.sri

Overview

Classes

• SRIHashAlgorithm

• SRIMiddleware

Functions

• generate_integrity_hash()

• validate_integrity()

Classes

SRIHashAlgorithm:bases: str, enum.Enum

str(object=’’) -> str

str(bytes_or_buffer[, encoding[, errors]]) -> str

Create a new string object from the given object. If encoding or errors is specified, then the object must expose a data buffer that will be decoded using the given encoding and error handler. Otherwise, returns the result of object.__str__() (if defined) or repr(object). encoding defaults to sys.getdefaultencoding(). errors defaults to ‘strict’.

Initialize self. See help(type(self)) for accurate signature.

class apifrom.utils.sri.SRIMiddleware(algorithms=None, script_sources=None, style_sources=None, exempt_paths=None)

Middleware for adding and verifying Subresource Integrity hashes.

Parameters:

• algorithms (Optional[List[SRIHashAlgorithm]]) – List of hash algorithms to use

• script_sources (Optional[Dict[str, str]]) – Mapping of script URLs to their content

• style_sources (Optional[Dict[str, str]]) – Mapping of style URLs to their content

• exempt_paths (Optional[List[str]]) – List of paths that should be exempt from integrity checks

Functions

apifrom.utils.sri.generate_integrity_hash(content, algorithm=SRIHashAlgorithm.SHA384)

Parameters:

• content (Union[str, bytes])

• algorithm (SRIHashAlgorithm)

Return type:

str

Generates a Subresource Integrity hash for the given content.

param content:

The content to generate the hash for

param algorithm:

The hashing algorithm to use

returns:

The integrity hash string

apifrom.utils.sri.validate_integrity(content, integrity)

Parameters:

• content (Union[str, bytes])

• integrity (str)

Return type:

bool

Validates that the given content matches the provided integrity hash.

param content:

The content to validate

param integrity:

The integrity hash to validate against

returns:

True if the content is valid, False otherwise