From: Sergey Matveev <stargrave@stargrave.org>
Date: Fri, 6 Dec 2019 14:44:04 +0000 (+0300)
Subject: Explicitly required SHA256 digest information
X-Git-Tag: v2.1.0~8
X-Git-Url: http://www.git.cypherpunks.ru/?p=gocheese.git;a=commitdiff_plain;h=b2c61aa43c08395b0d38fd6def46f369e0366e9b

Explicitly required SHA256 digest information
---

diff --git a/gocheese.go b/gocheese.go
index 2ba14d6..655908d 100644
--- a/gocheese.go
+++ b/gocheese.go
@@ -151,6 +151,11 @@ func refreshDir(
 			http.Error(w, err.Error(), http.StatusInternalServerError)
 			return false
 		}
+		if !strings.HasPrefix(pkgURL.Fragment, SHA256Prefix) {
+			log.Println(r.RemoteAddr, "pypi", filename, "no SHA256 digest provided")
+			http.Error(w, "no SHA256 digest provided", http.StatusBadGateway)
+			return false
+		}
 		digest, err = hex.DecodeString(strings.TrimPrefix(pkgURL.Fragment, SHA256Prefix))
 		if err != nil {
 			http.Error(w, err.Error(), http.StatusBadGateway)