From 181ad26a5521d62490c15256b847ca2d00db1339 Mon Sep 17 00:00:00 2001
From: Arun Ajith S
Date: Tue, 2 Jan 2024 06:28:45 +0000
Subject: [PATCH] Add validation for file format of downloaded upstream files
---
 impl/create_srpm.go | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/impl/create_srpm.go b/impl/create_srpm.go
index 80b6e2b..6485909 100644
--- a/impl/create_srpm.go
+++ b/impl/create_srpm.go
@@ -192,6 +192,13 @@ func (bldr *srpmBuilder) verifyUpstreamSrpm() error {
 bldr.errPrefix)
 }
+ // Check if downloaded file is a valid rpm
+ err := util.RunSystemCmd("rpm", "-q", "-p", upstreamSrpmFilePath)
+ if err != nil {
+ return fmt.Errorf("%sDownloaded SRPM file is not a valid rpm: %s",
+ bldr.errPrefix, err)
+ }
+
 if !upstreamSrc.skipSigCheck {
 if err := util.VerifyRpmSignature(upstreamSrpmFilePath, bldr.errPrefix); err != nil {
 return err
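Review bot: The added `rpm -q -p` call shows only that rpm can parse the file as a package; it does not establish that the file is a source package or that its contents are authentic, and when `upstreamSrc.skipSigCheck` is set it is the only check this hunk shows running on the download. I would say so in the comment, e.g. `// Format sanity check only: confirms rpm can parse the file; authenticity comes from the signature check below`, so the check is not later mistaken for an integrity control. The error is also formatted with `%s`, which drops the underlying error from the chain; `return fmt.Errorf("%sDownloaded SRPM file is not a valid rpm: %w", bldr.errPrefix, err)` keeps it available to `errors.Is`/`errors.As`, provided the project's Go version supports `%w`. `verifyUpstreamSrpm` starts and ends outside the hunk, so earlier validation of the file may exist that is not visible here.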