]> Cypherpunks.ru repositories - gocheese.git/blobdiff - gocheese.go
projects / gocheese.git / blobdiff
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Explicitly required SHA256 digest information
[gocheese.git] / gocheese.go
diff --git a/gocheese.go b/gocheese.go
index 5ecd959bc61e6f1a5881f8dc0d6b8c6b97b43de6..655908d47f789735bc84033a9ef6b006991d0185 100644 (file)
--- a/gocheese.go
+++ b/gocheese.go
@@ -151,6 +151,11 @@ func refreshDir(
                        http.Error(w, err.Error(), http.StatusInternalServerError)
                        return false
                }
+               if !strings.HasPrefix(pkgURL.Fragment, SHA256Prefix) {
+                       log.Println(r.RemoteAddr, "pypi", filename, "no SHA256 digest provided")
+                       http.Error(w, "no SHA256 digest provided", http.StatusBadGateway)
+                       return false
+               }
                digest, err = hex.DecodeString(strings.TrimPrefix(pkgURL.Fragment, SHA256Prefix))
                if err != nil {
                        http.Error(w, err.Error(), http.StatusBadGateway)
@@ -553,10 +558,10 @@ func goodIntegrity() bool {
                                log.Fatal(err)
                        }
                        if bytes.Compare(hasher.Sum(digest[:0]), data) == 0 {
-                               log.Println(pkgName, "GOOD")
+                               fmt.Println(pkgName, "GOOD")
                        } else {
                                isGood = false
-                               log.Println(pkgName, "BAD")
+                               fmt.Println(pkgName, "BAD")
                        }
                        hasher.Reset()
                }
Python private package repository and caching proxy