Automatically hashing split filenames on production

weaverryan · weaverryan · commit cf0192fc3c3f · 2018-07-16T14:12:01.000-04:00
This is to not expose other entry names - e.g.
vendor~super_secret_admin_area~other_entry.js
diff --git a/lib/config-generator.js b/lib/config-generator.js
@@ -45,6 +45,7 @@ const tmp = require('tmp');
 const fs = require('fs');
 const path = require('path');
 const stringEscaper = require('./utils/string-escaper');
+const crypto = require('crypto');
 
 class ConfigGenerator {
     /**
@@ -365,6 +366,25 @@ class ConfigGenerator {
         let splitChunks = {
             chunks: this.webpackConfig.shouldSplitEntryChunks ? 'all' : 'async'
         };
+
+        // hash the split filenames in production to protect exposing entry names
+        if (this.webpackConfig.shouldSplitEntryChunks && this.webpackConfig.isProduction()) {
+            // taken from SplitChunksPlugin
+            const hashFilename = name => {
+                return crypto
+                    .createHash('md4')
+                    .update(name)
+                    .digest('hex')
+                    .slice(0, 8);
+            };
+
+            splitChunks.name = function(module, chunks, cacheGroup) {
+                const names = chunks.map(c => c.name);
+
+                return cacheGroup + '~' + hashFilename(names.join('~'));
+            };
+        }
+
         if (this.webpackConfig.sharedCommonsEntryName) {
             const cacheGroups = {};
             cacheGroups[this.webpackConfig.sharedCommonsEntryName] = {
diff --git a/test/config-generator.js b/test/config-generator.js
@@ -824,4 +824,30 @@ describe('The config-generator function', () => {
             });
         });
     });
+
+    describe('Test shouldSplitEntryChunks', () => {
+        it('Not production', () => {
+            const config = createConfig();
+            config.outputPath = '/tmp/public/build';
+            config.setPublicPath('/build/');
+            config.splitEntryChunks();
+
+            const actualConfig = configGenerator(config);
+            expect(actualConfig.optimization.splitChunks.chunks).to.equal('all');
+            expect(actualConfig.optimization.splitChunks.name).to.be.undefined;
+        });
+
+        it('Yes production', () => {
+            const runtimeConfig = new RuntimeConfig();
+            runtimeConfig.environment = 'production';
+            const config = createConfig(runtimeConfig);
+            config.outputPath = '/tmp/public/build';
+            config.setPublicPath('/build/');
+            config.splitEntryChunks();
+
+            const actualConfig = configGenerator(config);
+            expect(actualConfig.optimization.splitChunks.chunks).to.equal('all');
+            expect(actualConfig.optimization.splitChunks.name).to.be.a('function');
+        });
+    });
 });
