fix username spoofing

pull/1/head
vilmibm 2022-07-21 18:11:41 +00:00
parent b10bdd756a
commit 470ebb5507
3 changed files with 10 additions and 1 deletions

0
go.sum 100644
View File

View File

@ -9,7 +9,9 @@ import (
"math/rand"
"net/http"
"os"
"os/user"
"path/filepath"
"syscall"
"time"
email "git.tilde.town/tildetown/town/email"
@ -33,7 +35,14 @@ func processGitea(rp string) error {
usernames := []string{}
for _, file := range files {
usernames = append(usernames, file.Name())
sysInfo := file.Sys()
uid := sysInfo.(*syscall.Stat_t).Uid
user, err := user.LookupId(fmt.Sprintf("%d", uid))
if err != nil {
fmt.Fprintf(os.Stderr, "failed to get owner of file named '%s': %s", file.Name(), err)
continue
}
usernames = append(usernames, user.Username)
}
if len(usernames) == 0 {

Binary file not shown.