Check downloaded resources integrity

When you pull a resource down, you should check the resources hash against a known good value, in case the third-party is compromised and an attacker replaces the resource (Javascript) with something bad.

Basically this:

https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity

```html
<script src="https://example.com/example-framework.js"
        integrity="sha384-oqVuAfXRKap7fdgcCY5uykM6+R9GqQ8K/uxy9rx7HNQlGYl1kPzQho1wx4JwY8wC"
        crossorigin="anonymous"></script>
```

Could be done like this:

```yaml
apiVersion: argoproj.io/v1alpha1
kind: ArgoCDExtension
metadata:
  name: hello-world
  finalizers:
    - extensions-finalizer.argocd.argoproj.io
spec:
  sources:
    - git:
        url: https://github.com/argoproj-labs/argocd-example-extension.git
    - web:
        url: https://github.com/argoproj-labs/argocd-example-extension/releases/download/v0.1.0/extension.tar
        integrity: sha384-oqVuAfXRKap7fdgcCY5uykM6+R9GqQ8K/uxy9rx7HNQlGYl1kPzQho1wx4JwY8wC
```


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Check downloaded resources integrity #14

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Check downloaded resources integrity #14

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions