From 4068146c44deb3fd1226936fc4d76b75cabbddf4 Mon Sep 17 00:00:00 2001
From: Chandler Swift <chandler@chandlerswift.com>
Date: Wed, 12 Feb 2025 23:13:06 -0600
Subject: [PATCH] Add bounds checking on user-supplied input

---
 main.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/main.go b/main.go
index 8ec348f..4329bfb 100644
--- a/main.go
+++ b/main.go
@@ -46,7 +46,7 @@ func main() {
 	if err := json.Unmarshal(sidewalk_data, &sidewalks); err != nil {
 		log.Fatalf("Error decoding JSON: %v", err)
 	}
-
+	sidewalksLen := len(sidewalks)
 	for i := range sidewalks {
 		sidewalks[i].Condition = sidewalk.Condition(rand.IntN(4))
 	}
@@ -71,7 +71,7 @@ func main() {
 			return
 		}
 		sidewalkID, err := strconv.Atoi(r.PathValue("id"))
-		if err != nil {
+		if err != nil || sidewalkID < 0 || sidewalkID >= sidewalksLen {
 			http.Error(w, "Invalid id", http.StatusBadRequest)
 			return
 		}
@@ -87,7 +87,7 @@ func main() {
 		http.Redirect(w, r, "/", http.StatusSeeOther)
 	})
 
-	fmt.Printf("Serving on :%v\n", *port)
+	fmt.Printf("Serving %v sidewalks on :%v\n", &sidewalksLen, *port)
 	panic(http.ListenAndServe(fmt.Sprintf(":%v", *port), nil))
 }