From 956fc79f7db376ca48c428bbc719b80ac035c09d Mon Sep 17 00:00:00 2001
From: whywaita
Date: Mon, 9 Sep 2024 16:05:15 +0900
Subject: [PATCH] Check plugin binary response valid binary

---
 pkg/config/init.go | 22 +++++++++++++++-------
 1 file changed, 15 insertions(+), 7 deletions(-)

diff --git a/pkg/config/init.go b/pkg/config/init.go
index 0b796dc..fa2bea6 100644
--- a/pkg/config/init.go
+++ b/pkg/config/init.go
@@ -201,8 +201,15 @@ func LoadPluginPath() string {
 }

 func checkBinary(p string) (string, error) {
- if _, err := os.Stat(p); err != nil {
- return "", fmt.Errorf("failed to stat file: %w", err)
+ f, err := os.ReadFile(p)
+ if err != nil {
+ return "", fmt.Errorf("failed to open file: %w", err)
+ }
+
+ // check binary type
+ mineType := http.DetectContentType(f)
+ if !strings.EqualFold(mineType, "application/octet-stream") {
+ return "", fmt.Errorf("invalid file type (correct: application/octet-stream got: %s)", mineType)
 }

 // need permission of execute
@@ -272,11 +279,12 @@ func fetchHTTP(u *url.URL) (string, error) {
 }
 defer resp.Body.Close()

- if resp.StatusCode == http.StatusOK {
- _, err := io.Copy(f, resp.Body)
- if err != nil {
- return "", fmt.Errorf("failed to write file (path: %s): %w", fp, err)
- }
+ if resp.StatusCode != http.StatusOK {
+ return "", fmt.Errorf("failed to get config via HTTP(S): status code is not 200 (status code: %d)", resp.StatusCode)
+ }
+
+ if _, err := io.Copy(f, resp.Body); err != nil {
+ return "", fmt.Errorf("failed to write file (path: %s): %w", fp, err)
 }

 return fp, nil
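Review bot: The content-type test in checkBinary passes by fallback rather than by recognition: `application/octet-stream` is what http.DetectContentType returns for any data it cannot classify, so the check rejects HTML or text bodies but does not show that the file is an executable for this platform. A comment should say so, and a positive check would have to inspect the file's magic bytes (for example with `debug/elf` on Linux). DetectContentType also considers at most the first 512 bytes, so `os.ReadFile` loads the whole plugin file into memory without need; a bounded read is sketched below, which also corrects the `mineType` spelling. The rest of checkBinary (the execute-permission check) lies outside the hunk.

```go
func checkBinary(p string) (string, error) {
	fh, err := os.Open(p)
	if err != nil {
		return "", fmt.Errorf("failed to open file: %w", err)
	}
	defer fh.Close()

	// DetectContentType considers at most the first 512 bytes.
	head := make([]byte, 512)
	n, err := io.ReadFull(fh, head)
	if err != nil && err != io.EOF && err != io.ErrUnexpectedEOF {
		return "", fmt.Errorf("failed to read file: %w", err)
	}

	// application/octet-stream is the sniffer's fallback for unrecognised
	// data: this filters out HTML/text bodies, it does not prove that p is
	// an executable.
	mimeType := http.DetectContentType(head[:n])
	// … unchanged: comparison with application/octet-stream, execute-permission check …
```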
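Review bot: Both error returns in fetchHTTP leave the file at `fp` on disk (empty after a non-200 response, partial after a failed copy), and the copy from `resp.Body` is unbounded. Since the commit subject indicates this path fetches a plugin binary, I would call `os.Remove(fp)` before each error return and cap the transfer with `io.Copy(f, io.LimitReader(resp.Body, maxFetchBytes+1))`, where `maxFetchBytes` is a placeholder name for a constant still to be defined, treating a copy longer than the cap as an error. Where `f` is created and whether it is closed lie outside the hunk, so some of this cleanup may already exist there.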