Add bounds checking on user-supplied input

2025-02-12 23:13:06 -06:00 · 2025-02-12 23:13:06 -06:00 · 4068146c44
parent 3b523f7742
commit 4068146c44
1 changed files with 3 additions and 3 deletions
--- a/main.go
+++ b/main.go
@ -46,7 +46,7 @@ func main() {
 	if err := json.Unmarshal(sidewalk_data, &sidewalks); err != nil {
 		log.Fatalf("Error decoding JSON: %v", err)
 	}
-
+	sidewalksLen := len(sidewalks)
 	for i := range sidewalks {
 		sidewalks[i].Condition = sidewalk.Condition(rand.IntN(4))
 	}
@ -71,7 +71,7 @@ func main() {
 			return
 		}
 		sidewalkID, err := strconv.Atoi(r.PathValue("id"))
-		if err != nil {
+		if err != nil || sidewalkID < 0 || sidewalkID >= sidewalksLen {
 			http.Error(w, "Invalid id", http.StatusBadRequest)
 			return
 		}
@ -87,7 +87,7 @@ func main() {
 		http.Redirect(w, r, "/", http.StatusSeeOther)
 	})

-	fmt.Printf("Serving on :%v\n", *port)
+	fmt.Printf("Serving %v sidewalks on :%v\n", &sidewalksLen, *port)
 	panic(http.ListenAndServe(fmt.Sprintf(":%v", *port), nil))
 }