kmx git

Commit b08cae5603ac0a594814e7c88e9fa60f001cf00c

2018-01-31T22:38:01
Add support for highlighting CSP, HSTS, and HPKP (#1275) * Add CSP support. * Add HPKP support. * Add HSTS support. * Updates based on feedback. * Updates based on feedback. * Updates based on feedback. * Updates based on feedback. * Updates based on feedback. * Updates based on feedback. * Updates based on Feedback. * Fix parentheses. * List csp, hpkp, and hsts in components.js * Add missing base64 chars to 'nonce-...' and 'sha-...' source expressions * Add support for 'sha384-...' and 'sha512-...' source expressions * Add tests and examples for csp * Add tests and examples for hsts * Add tests and examples for hpkp * hpkp: Include the sha256 hash in the directive itself Prevent the numbers in the base64 string from being classified as "safe" or "unsafe". * Rebuild the minified csp and hpkp components * Rebuild the "Show Language" plugin as well * Fix copy/paste error in test description
diff --git a/components.js b/components.js
index 53af912..d4e3b14 100644
--- a/components.js
+++ b/components.js
@@ -161,6 +161,10 @@ var components = {
 			"require": "ruby",
 			"owner": "MakeNowJust"
 		},
+		"csp": {
+			"title": "Content-Security-Policy",
+			"owner": "ScottHelme"
+		},
 		"css-extras": {
 			"title": "CSS Extras",
 			"require": "css",
@@ -269,6 +273,14 @@ var components = {
 			"title": "HTTP",
 			"owner": "danielgtaylor"
 		},
+		"hpkp": {
+			"title": "HTTP Public-Key-Pins",
+			"owner": "ScottHelme"
+		},
+		"hsts": {
+			"title": "HTTP Strict-Transport-Security",
+			"owner": "ScottHelme"
+		},
 		"ichigojam": {
 			"title": "IchigoJam",
 			"owner": "BlueCocoa"
diff --git a/components/prism-csp.js b/components/prism-csp.js
new file mode 100644
index 0000000..cc5962f
--- /dev/null
+++ b/components/prism-csp.js
@@ -0,0 +1,25 @@
+/**
+ * Original by Scott Helme.
+ *
+ * Reference: https://scotthelme.co.uk/csp-cheat-sheet/
+ *
+ * Supports the following:
+ *  - CSP Level 1
+ *  - CSP Level 2
+ *  - CSP Level 3
+ */
+
+Prism.languages.csp = {
+	'directive':  {
+             pattern: /\b(?:(?:base-uri|form-action|frame-ancestors|plugin-types|referrer|reflected-xss|report-to|report-uri|require-sri-for|sandbox) |(?:block-all-mixed-content|disown-opener|upgrade-insecure-requests)(?: |;)|(?:child|connect|default|font|frame|img|manifest|media|object|script|style|worker)-src )/i,
+             alias: 'keyword'
+        },
+	'safe': {
+            pattern: /'(?:self|none|strict-dynamic|(?:nonce-|sha(?:256|384|512)-)[a-zA-Z0-9+=/]+)'/,
+            alias: 'selector'
+        },
+	'unsafe': {
+            pattern: /(?:'unsafe-inline'|'unsafe-eval'|'unsafe-hashed-attributes'|\*)/,
+            alias: 'function'
+        }
+};
\ No newline at end of file
diff --git a/components/prism-csp.min.js b/components/prism-csp.min.js
new file mode 100644
index 0000000..bad8cae
--- /dev/null
+++ b/components/prism-csp.min.js
@@ -0,0 +1 @@
+Prism.languages.csp={directive:{pattern:/\b(?:(?:base-uri|form-action|frame-ancestors|plugin-types|referrer|reflected-xss|report-to|report-uri|require-sri-for|sandbox) |(?:block-all-mixed-content|disown-opener|upgrade-insecure-requests)(?: |;)|(?:child|connect|default|font|frame|img|manifest|media|object|script|style|worker)-src )/i,alias:"keyword"},safe:{pattern:/'(?:self|none|strict-dynamic|(?:nonce-|sha(?:256|384|512)-)[a-zA-Z0-9+=\/]+)'/,alias:"selector"},unsafe:{pattern:/(?:'unsafe-inline'|'unsafe-eval'|'unsafe-hashed-attributes'|\*)/,alias:"function"}};
\ No newline at end of file
diff --git a/components/prism-hpkp.js b/components/prism-hpkp.js
new file mode 100644
index 0000000..8afbf17
--- /dev/null
+++ b/components/prism-hpkp.js
@@ -0,0 +1,20 @@
+/**
+ * Original by Scott Helme.
+ *
+ * Reference: https://scotthelme.co.uk/hpkp-cheat-sheet/
+ */
+
+Prism.languages.hpkp = {
+	'directive':  {
+             pattern: /\b(?:(?:includeSubDomains|preload|strict)(?: |;)|pin-sha256="[a-zA-Z0-9+=/]+"|(?:max-age|report-uri)=|report-to )/,
+             alias: 'keyword'
+        },
+	'safe': {
+            pattern: /[0-9]{7,}/,
+            alias: 'selector'
+        },
+	'unsafe': {
+            pattern: /[0-9]{0,6}/,
+            alias: 'function'
+        }
+};
\ No newline at end of file
diff --git a/components/prism-hpkp.min.js b/components/prism-hpkp.min.js
new file mode 100644
index 0000000..45fcb6b
--- /dev/null
+++ b/components/prism-hpkp.min.js
@@ -0,0 +1 @@
+Prism.languages.hpkp={directive:{pattern:/\b(?:(?:includeSubDomains|preload|strict)(?: |;)|pin-sha256="[a-zA-Z0-9+=\/]+"|(?:max-age|report-uri)=|report-to )/,alias:"keyword"},safe:{pattern:/[0-9]{7,}/,alias:"selector"},unsafe:{pattern:/[0-9]{0,6}/,alias:"function"}};
\ No newline at end of file
diff --git a/components/prism-hsts.js b/components/prism-hsts.js
new file mode 100644
index 0000000..d8f42d0
--- /dev/null
+++ b/components/prism-hsts.js
@@ -0,0 +1,20 @@
+/**
+ * Original by Scott Helme.
+ *
+ * Reference: https://scotthelme.co.uk/hsts-cheat-sheet/
+ */
+
+Prism.languages.hsts = {
+	'directive':  {
+             pattern: /\b(?:max-age=|includeSubDomains|preload)/,
+             alias: 'keyword'
+        },
+	'safe': {
+            pattern: /[0-9]{8,}/,
+            alias: 'selector'
+        },
+	'unsafe': {
+            pattern: /[0-9]{0,7}/,
+            alias: 'function'
+        }
+};
\ No newline at end of file
diff --git a/components/prism-hsts.min.js b/components/prism-hsts.min.js
new file mode 100644
index 0000000..688eb21
--- /dev/null
+++ b/components/prism-hsts.min.js
@@ -0,0 +1 @@
+Prism.languages.hsts={directive:{pattern:/\b(?:max-age=|includeSubDomains|preload)/,alias:"keyword"},safe:{pattern:/[0-9]{8,}/,alias:"selector"},unsafe:{pattern:/[0-9]{0,7}/,alias:"function"}};
\ No newline at end of file
diff --git a/examples/prism-csp.html b/examples/prism-csp.html
new file mode 100644
index 0000000..ff89659
--- /dev/null
+++ b/examples/prism-csp.html
@@ -0,0 +1,16 @@
+<h1>HTTP Content-Security-Policy header value</h1>
+<p>To use this language, use the class "language-csp".</p>
+
+<h2>A complete policy</h2>
+<pre><code>default-src 'none';
+script-src my.cdn.com;
+img-src 'self' data:;
+child-src 'self' data: ms-appx-web:;
+block-all-mixed-content;
+report-uri https://my-reports.com/submit;
+</code></pre>
+
+<h2>An policy with unsafe source expressions</h2>
+<pre><code>script-src 'self' 'unsafe-eval' 'unsafe-inline';
+style-src 'unsafe-inline' 'unsafe-hashed-attributes' 'self';
+</code></pre>
diff --git a/examples/prism-hpkp.html b/examples/prism-hpkp.html
new file mode 100644
index 0000000..20e83fa
--- /dev/null
+++ b/examples/prism-hpkp.html
@@ -0,0 +1,14 @@
+<h1>HTTP Public-Key-Pins header value</h1>
+<p>To use this language, use the class "language-hpkp".</p>
+
+<h2>Pin for one year with report-uri</h2>
+<pre><code>pin-sha256="EpOpN/ahUF6jhWShDUdy+NvvtaGcu5F7qM6+x2mfkh4=";
+max-age=31536000;
+includeSubDomains;
+report-uri="https://my-reports.com/submit"
+</code></pre>
+
+<h2>Pin for a short time (considered unsafe)</h2>
+<pre><code>pin-sha256="EpOpN/ahUF6jhWShDUdy+NvvtaGcu5F7qM6+x2mfkh4=";
+max-age=123
+</code></pre>
diff --git a/examples/prism-hsts.html b/examples/prism-hsts.html
new file mode 100644
index 0000000..d6d59e7
--- /dev/null
+++ b/examples/prism-hsts.html
@@ -0,0 +1,11 @@
+<h1>HTTP Strict-Transport-Security header value</h1>
+<p>To use this language, use the class "language-hsts".</p>
+
+<h2>Policy with far-future max-age</h2>
+<pre><code>max-age=31536000</code></pre>
+
+<h2>Policy with near-future max-age, considered unsafe</h2>
+<pre><code>max-age=123</code></pre>
+
+<h2>Policy with extra directives</h2>
+<pre><code>max-age=31536000; includeSubdomains; preload</code></pre>
diff --git a/plugins/show-language/prism-show-language.js b/plugins/show-language/prism-show-language.js
index b75d88f..082765e 100644
--- a/plugins/show-language/prism-show-language.js
+++ b/plugins/show-language/prism-show-language.js
@@ -11,7 +11,7 @@ if (!Prism.plugins.toolbar) {
 }
 
 // The languages map is built automatically with gulp
-var Languages = /*languages_placeholder[*/{"html":"HTML","xml":"XML","svg":"SVG","mathml":"MathML","css":"CSS","clike":"C-like","javascript":"JavaScript","abap":"ABAP","actionscript":"ActionScript","apacheconf":"Apache Configuration","apl":"APL","applescript":"AppleScript","asciidoc":"AsciiDoc","asm6502":"6502 Assembly","aspnet":"ASP.NET (C#)","autohotkey":"AutoHotkey","autoit":"AutoIt","basic":"BASIC","csharp":"C#","cpp":"C++","coffeescript":"CoffeeScript","css-extras":"CSS Extras","django":"Django/Jinja2","fsharp":"F#","glsl":"GLSL","graphql":"GraphQL","http":"HTTP","ichigojam":"IchigoJam","inform7":"Inform 7","json":"JSON","latex":"LaTeX","livescript":"LiveScript","lolcode":"LOLCODE","matlab":"MATLAB","mel":"MEL","n4js":"N4JS","nasm":"NASM","nginx":"nginx","nsis":"NSIS","objectivec":"Objective-C","ocaml":"OCaml","opencl":"OpenCL","parigp":"PARI/GP","php":"PHP","php-extras":"PHP Extras","powershell":"PowerShell","properties":".properties","protobuf":"Protocol Buffers","jsx":"React JSX","renpy":"Ren'py","rest":"reST (reStructuredText)","sas":"SAS","sass":"Sass (Sass)","scss":"Sass (Scss)","sql":"SQL","typescript":"TypeScript","vbnet":"VB.Net","vhdl":"VHDL","vim":"vim","wiki":"Wiki markup","xojo":"Xojo (REALbasic)","yaml":"YAML"}/*]*/;
+var Languages = /*languages_placeholder[*/{"html":"HTML","xml":"XML","svg":"SVG","mathml":"MathML","css":"CSS","clike":"C-like","javascript":"JavaScript","abap":"ABAP","actionscript":"ActionScript","apacheconf":"Apache Configuration","apl":"APL","applescript":"AppleScript","asciidoc":"AsciiDoc","asm6502":"6502 Assembly","aspnet":"ASP.NET (C#)","autohotkey":"AutoHotkey","autoit":"AutoIt","basic":"BASIC","csharp":"C#","cpp":"C++","coffeescript":"CoffeeScript","csp":"Content-Security-Policy","css-extras":"CSS Extras","django":"Django/Jinja2","fsharp":"F#","glsl":"GLSL","graphql":"GraphQL","http":"HTTP","hpkp":"HTTP Public-Key-Pins","hsts":"HTTP Strict-Transport-Security","ichigojam":"IchigoJam","inform7":"Inform 7","json":"JSON","latex":"LaTeX","livescript":"LiveScript","lolcode":"LOLCODE","matlab":"MATLAB","mel":"MEL","n4js":"N4JS","nasm":"NASM","nginx":"nginx","nsis":"NSIS","objectivec":"Objective-C","ocaml":"OCaml","opencl":"OpenCL","parigp":"PARI/GP","php":"PHP","php-extras":"PHP Extras","powershell":"PowerShell","properties":".properties","protobuf":"Protocol Buffers","jsx":"React JSX","renpy":"Ren'py","rest":"reST (reStructuredText)","sas":"SAS","sass":"Sass (Sass)","scss":"Sass (Scss)","sql":"SQL","typescript":"TypeScript","vbnet":"VB.Net","vhdl":"VHDL","vim":"vim","wiki":"Wiki markup","xojo":"Xojo (REALbasic)","yaml":"YAML"}/*]*/;
 Prism.plugins.toolbar.registerButton('show-language', function(env) {
 	var pre = env.element.parentNode;
 	if (!pre || !/pre/i.test(pre.nodeName)) {
diff --git a/plugins/show-language/prism-show-language.min.js b/plugins/show-language/prism-show-language.min.js
index 1387ec1..f773d83 100644
--- a/plugins/show-language/prism-show-language.min.js
+++ b/plugins/show-language/prism-show-language.min.js
@@ -1 +1 @@
-!function(){if("undefined"!=typeof self&&self.Prism&&self.document){if(!Prism.plugins.toolbar)return console.warn("Show Languages plugin loaded before Toolbar plugin."),void 0;var e={html:"HTML",xml:"XML",svg:"SVG",mathml:"MathML",css:"CSS",clike:"C-like",javascript:"JavaScript",abap:"ABAP",actionscript:"ActionScript",apacheconf:"Apache Configuration",apl:"APL",applescript:"AppleScript",asciidoc:"AsciiDoc",asm6502:"6502 Assembly",aspnet:"ASP.NET (C#)",autohotkey:"AutoHotkey",autoit:"AutoIt",basic:"BASIC",csharp:"C#",cpp:"C++",coffeescript:"CoffeeScript","css-extras":"CSS Extras",django:"Django/Jinja2",fsharp:"F#",glsl:"GLSL",graphql:"GraphQL",http:"HTTP",ichigojam:"IchigoJam",inform7:"Inform 7",json:"JSON",latex:"LaTeX",livescript:"LiveScript",lolcode:"LOLCODE",matlab:"MATLAB",mel:"MEL",n4js:"N4JS",nasm:"NASM",nginx:"nginx",nsis:"NSIS",objectivec:"Objective-C",ocaml:"OCaml",opencl:"OpenCL",parigp:"PARI/GP",php:"PHP","php-extras":"PHP Extras",powershell:"PowerShell",properties:".properties",protobuf:"Protocol Buffers",jsx:"React JSX",renpy:"Ren'py",rest:"reST (reStructuredText)",sas:"SAS",sass:"Sass (Sass)",scss:"Sass (Scss)",sql:"SQL",typescript:"TypeScript",vbnet:"VB.Net",vhdl:"VHDL",vim:"vim",wiki:"Wiki markup",xojo:"Xojo (REALbasic)",yaml:"YAML"};Prism.plugins.toolbar.registerButton("show-language",function(t){var a=t.element.parentNode;if(a&&/pre/i.test(a.nodeName)){var s=a.getAttribute("data-language")||e[t.language]||t.language.substring(0,1).toUpperCase()+t.language.substring(1),i=document.createElement("span");return i.textContent=s,i}})}}();
\ No newline at end of file
+!function(){if("undefined"!=typeof self&&self.Prism&&self.document){if(!Prism.plugins.toolbar)return console.warn("Show Languages plugin loaded before Toolbar plugin."),void 0;var e={html:"HTML",xml:"XML",svg:"SVG",mathml:"MathML",css:"CSS",clike:"C-like",javascript:"JavaScript",abap:"ABAP",actionscript:"ActionScript",apacheconf:"Apache Configuration",apl:"APL",applescript:"AppleScript",asciidoc:"AsciiDoc",asm6502:"6502 Assembly",aspnet:"ASP.NET (C#)",autohotkey:"AutoHotkey",autoit:"AutoIt",basic:"BASIC",csharp:"C#",cpp:"C++",coffeescript:"CoffeeScript",csp:"Content-Security-Policy","css-extras":"CSS Extras",django:"Django/Jinja2",fsharp:"F#",glsl:"GLSL",graphql:"GraphQL",http:"HTTP",hpkp:"HTTP Public-Key-Pins",hsts:"HTTP Strict-Transport-Security",ichigojam:"IchigoJam",inform7:"Inform 7",json:"JSON",latex:"LaTeX",livescript:"LiveScript",lolcode:"LOLCODE",matlab:"MATLAB",mel:"MEL",n4js:"N4JS",nasm:"NASM",nginx:"nginx",nsis:"NSIS",objectivec:"Objective-C",ocaml:"OCaml",opencl:"OpenCL",parigp:"PARI/GP",php:"PHP","php-extras":"PHP Extras",powershell:"PowerShell",properties:".properties",protobuf:"Protocol Buffers",jsx:"React JSX",renpy:"Ren'py",rest:"reST (reStructuredText)",sas:"SAS",sass:"Sass (Sass)",scss:"Sass (Scss)",sql:"SQL",typescript:"TypeScript",vbnet:"VB.Net",vhdl:"VHDL",vim:"vim",wiki:"Wiki markup",xojo:"Xojo (REALbasic)",yaml:"YAML"};Prism.plugins.toolbar.registerButton("show-language",function(t){var a=t.element.parentNode;if(a&&/pre/i.test(a.nodeName)){var s=a.getAttribute("data-language")||e[t.language]||t.language.substring(0,1).toUpperCase()+t.language.substring(1),i=document.createElement("span");return i.textContent=s,i}})}}();
\ No newline at end of file
diff --git a/tests/languages/csp/directive_no_value_feature.test b/tests/languages/csp/directive_no_value_feature.test
new file mode 100644
index 0000000..5ae927d
--- /dev/null
+++ b/tests/languages/csp/directive_no_value_feature.test
@@ -0,0 +1,11 @@
+upgrade-insecure-requests;
+
+----------------------------------------------------
+
+[
+	["directive", "upgrade-insecure-requests;"]
+]
+
+----------------------------------------------------
+
+Checks for a "void" CSP directive followed by semicolon.
diff --git a/tests/languages/csp/directive_with_source_expression_feature.test b/tests/languages/csp/directive_with_source_expression_feature.test
new file mode 100644
index 0000000..fc059f4
--- /dev/null
+++ b/tests/languages/csp/directive_with_source_expression_feature.test
@@ -0,0 +1,12 @@
+script-src example.com;
+
+----------------------------------------------------
+
+[
+	["directive", "script-src "],
+	"example.com;"
+]
+
+----------------------------------------------------
+
+Checks for CSP directive followed by a source expression.
diff --git a/tests/languages/csp/safe_feature.test b/tests/languages/csp/safe_feature.test
new file mode 100644
index 0000000..af31d1a
--- /dev/null
+++ b/tests/languages/csp/safe_feature.test
@@ -0,0 +1,19 @@
+default-src 'none'; style-src 'self' 'strict-dynamic' 'nonce-yeah' 'sha256-EpOpN/ahUF6jhWShDUdy+NvvtaGcu5F7qM6+x2mfkh4=';
+
+----------------------------------------------------
+
+[
+	["directive", "default-src "],
+	["safe", "'none'"],
+	"; ",
+	["directive", "style-src "],
+	["safe", "'self'"],
+	["safe", "'strict-dynamic'"],
+	["safe", "'nonce-yeah'"],
+	["safe", "'sha256-EpOpN/ahUF6jhWShDUdy+NvvtaGcu5F7qM6+x2mfkh4='"],
+	";"
+]
+
+----------------------------------------------------
+
+Checks for source expressions classified as safe.
diff --git a/tests/languages/csp/unsafe_feature.test b/tests/languages/csp/unsafe_feature.test
new file mode 100644
index 0000000..1fe7e47
--- /dev/null
+++ b/tests/languages/csp/unsafe_feature.test
@@ -0,0 +1,15 @@
+script-src 'unsafe-inline' 'unsafe-eval' 'unsafe-hashed-attributes';
+
+----------------------------------------------------
+
+[
+	["directive", "script-src "],
+	["unsafe", "'unsafe-inline'"],
+	["unsafe", "'unsafe-eval'"],
+	["unsafe", "'unsafe-hashed-attributes'"],
+	";"
+]
+
+----------------------------------------------------
+
+Checks for source expressions classified as unsafe.
diff --git a/tests/languages/hpkp/safe_maxage_feature.test b/tests/languages/hpkp/safe_maxage_feature.test
new file mode 100644
index 0000000..169f23c
--- /dev/null
+++ b/tests/languages/hpkp/safe_maxage_feature.test
@@ -0,0 +1,12 @@
+max-age=31536000
+
+----------------------------------------------------
+
+[
+	["directive", "max-age="],
+	["safe", "31536000"]
+]
+
+----------------------------------------------------
+
+Checks for HPKP with a "safe" max-age.
diff --git a/tests/languages/hpkp/sha256_pin_feature.test b/tests/languages/hpkp/sha256_pin_feature.test
new file mode 100644
index 0000000..45adf1c
--- /dev/null
+++ b/tests/languages/hpkp/sha256_pin_feature.test
@@ -0,0 +1,11 @@
+pin-sha256="EpOpN/ahUF6jhWShDUdy+NvvtaGcu5F7qM6+x2mfkh4="
+
+----------------------------------------------------
+
+[
+	["directive", "pin-sha256=\"EpOpN/ahUF6jhWShDUdy+NvvtaGcu5F7qM6+x2mfkh4=\""]
+]
+
+----------------------------------------------------
+
+Checks for HPKP with a sha256 pin.
diff --git a/tests/languages/hpkp/unsafe_maxage_feature.test b/tests/languages/hpkp/unsafe_maxage_feature.test
new file mode 100644
index 0000000..4f1ff96
--- /dev/null
+++ b/tests/languages/hpkp/unsafe_maxage_feature.test
@@ -0,0 +1,12 @@
+max-age=123
+
+----------------------------------------------------
+
+[
+	["directive", "max-age="],
+	["unsafe", "123"]
+]
+
+----------------------------------------------------
+
+Checks for HPKP with an "unsafe" max-age.
diff --git a/tests/languages/hsts/include_subdomains_feature.test b/tests/languages/hsts/include_subdomains_feature.test
new file mode 100644
index 0000000..e889e84
--- /dev/null
+++ b/tests/languages/hsts/include_subdomains_feature.test
@@ -0,0 +1,11 @@
+includeSubDomains
+
+----------------------------------------------------
+
+[
+	["directive", "includeSubDomains"]
+]
+
+----------------------------------------------------
+
+Checks for HSTS with the includeSubDomains directive.
diff --git a/tests/languages/hsts/preload_feature.test b/tests/languages/hsts/preload_feature.test
new file mode 100644
index 0000000..2a390a0
--- /dev/null
+++ b/tests/languages/hsts/preload_feature.test
@@ -0,0 +1,11 @@
+preload
+
+----------------------------------------------------
+
+[
+	["directive", "preload"]
+]
+
+----------------------------------------------------
+
+Checks for HSTS with the preload directive.
diff --git a/tests/languages/hsts/safe_maxage_feature.test b/tests/languages/hsts/safe_maxage_feature.test
new file mode 100644
index 0000000..6797fff
--- /dev/null
+++ b/tests/languages/hsts/safe_maxage_feature.test
@@ -0,0 +1,12 @@
+max-age=31536000
+
+----------------------------------------------------
+
+[
+	["directive", "max-age="],
+	["safe", "31536000"]
+]
+
+----------------------------------------------------
+
+Checks for HSTS with a "safe" max-age.
diff --git a/tests/languages/hsts/unsafe_maxage_feature.test b/tests/languages/hsts/unsafe_maxage_feature.test
new file mode 100644
index 0000000..dba69dc
--- /dev/null
+++ b/tests/languages/hsts/unsafe_maxage_feature.test
@@ -0,0 +1,12 @@
+max-age=123
+
+----------------------------------------------------
+
+[
+	["directive", "max-age="],
+	["unsafe", "123"]
+]
+
+----------------------------------------------------
+
+Checks for HSTS with an "unsafe" max-age.
kmx.io/prism.js

Commit b08cae5603ac0a594814e7c88e9fa60f001cf00c
