heroku · schneems · May 28, 2025 · May 28, 2025 · May 28, 2025 · May 28, 2025
@@ -13,7 +13,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 - libcnb:
   - Order of automatically applied environment variables by libcnb, such as `PATH=<layer>/bin`, now matches the upstream CNB lifecycle. ([#938](https://github.com/heroku/libcnb.rs/pull/938))
-
+- libherokubuildpack:
+  - The `download_file` function now errors if bytes received does not match the content length header. ([#947](https://github.com/heroku/libcnb.rs/pull/947))
 
 ## [0.29.0] - 2025-05-02
 

@@ -19,7 +19,7 @@ workspace = true
 
 [features]
 default = ["command", "download", "digest", "error", "inventory", "log", "inventory-semver", "inventory-sha2", "tar", "toml", "fs", "write"]
-download = ["dep:ureq", "dep:thiserror"]
+download = ["dep:ureq", "dep:thiserror", "dep:http"]
 digest = ["dep:sha2"]
 error = ["log", "dep:libcnb"]
 inventory = ["dep:hex", "dep:serde", "dep:thiserror", "dep:toml"]
@@ -41,6 +41,7 @@ crossbeam-utils = { version = "0.8.21", optional = true }
 # As such we have to use the next best alternate backend, which is `zlib`.
 flate2 = { version = "1.1.1", default-features = false, features = ["zlib"], optional = true }
 hex = { version = "0.4.3", optional = true }
+http = { version = "1", optional = true }
 libcnb = { workspace = true, optional = true }
 pathdiff = { version = "0.2.3", optional = true }
 semver = { version = "1.0.26", features = ["serde"], optional = true }

@@ -1,3 +1,5 @@
+use http::{HeaderName, header::CONTENT_LENGTH};
+use std::num::ParseIntError;
 use std::{fs, io};
 
 #[derive(thiserror::Error, Debug)]
@@ -8,6 +10,35 @@ pub enum DownloadError {
 
     #[error("I/O error while downloading file: {0}")]
     IoError(#[from] std::io::Error),
+
+    #[error("Missing required header: `{0}`")]
+    MissingRequiredHeader(HeaderName),
+
+    #[error("Failed to convert header value for `{0}` into a string")]
+    HeaderEncodingError(HeaderName),
+
+    #[error("Cannot parse into an integer: {0}")]
+    CannotParseInteger(ParseIntError),
+
+    #[error("Expected `{expected}` bytes received `{received}`")]
+    UnexpectedBytes {
+        expected: u64,
+        received: u64,
+        path_deleted: Result<(), std::io::Error>,
+    },
+}
+
+impl DownloadError {
+    /// Do not suggest a retry if the failure is due to disk error or if the path could not be cleaned
+    pub fn retry_suggested(&self) -> bool {
+        !matches!(
+            self,
+            DownloadError::UnexpectedBytes {
+                path_deleted: Err(_),
+                ..
+            } | DownloadError::IoError(_)
+        )
+    }
 }
 
 /// Downloads a file via HTTP(S) to a local path
@@ -32,9 +63,27 @@ pub fn download_file(
     destination: impl AsRef<std::path::Path>,
 ) -> Result<(), DownloadError> {
     let response = ureq::get(uri.as_ref()).call().map_err(Box::new)?;
-    let mut reader = response.into_body().into_reader();
-    let mut file = fs::File::create(destination.as_ref())?;
-    io::copy(&mut reader, &mut file)?;
+    let expected: u64 = response
+        .headers()
+        .get(CONTENT_LENGTH)
+        .ok_or_else(|| DownloadError::MissingRequiredHeader(CONTENT_LENGTH))?
+        .to_str()
+        .map_err(|_| DownloadError::HeaderEncodingError(CONTENT_LENGTH))?
+        .parse()
+        .map_err(DownloadError::CannotParseInteger)?;
 
-    Ok(())
+    let mut file = fs::File::create(destination.as_ref())?;
+    let received = io::copy(&mut response.into_body().into_reader(), &mut file)?;
+    // Ensure file is closed
+    drop(file);
+    if received == expected {
+        Ok(())
+    } else {
+        let path_deleted = fs::remove_file(&destination);
+        Err(DownloadError::UnexpectedBytes {
+            expected,
+            received,
+            path_deleted,
+        })
+    }
 }