From 43a5a367043bab3ce57331e8097bdc46e540f918 Mon Sep 17 00:00:00 2001
From: Shivam Sharma
Date: Fri, 27 Jun 2025 12:36:40 +0530
Subject: [PATCH 1/3] fix(req): validate req.range size
Signed-off-by: Shivam Sharma
---
 lib/request.js | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/lib/request.js b/lib/request.js
index 63e0c1cd607..fb7212ae371 100644
--- a/lib/request.js
+++ b/lib/request.js
@@ -195,10 +195,14 @@ req.acceptsLanguages = function(...languages) {
 * @param {object} [options]
 * @param {boolean} [options.combine=false]
 * @return {number|array}
+ * @throws {TypeError}
 * @public
 */
 req.range = function range(size, options) {
+ if (!Number.isInteger(size) || size < 0) {
+ throw new TypeError('size must be a non-negative integer to req.range');
+ }
 var range = this.get('Range');
 if (!range) return;
 return parseRange(size, range, options);
From 9a00de423ba0d25c41a86b668a4090cfea467f3a Mon Sep 17 00:00:00 2001
From: Shivam Sharma
Date: Sat, 28 Jun 2025 11:33:36 +0530
Subject: [PATCH 2/3] include test
---
 test/req.range.js | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
diff --git a/test/req.range.js b/test/req.range.js
index 111441736eb..867970bcfc1 100644
--- a/test/req.range.js
+++ b/test/req.range.js
@@ -44,6 +44,26 @@ describe('req', function(){
 .expect(200, '[{"start":0,"end":74}]', done)
 })
+ it('should throw TypeError for invalid size', function () {
+ var app = express();
+
+ app.use(function (req, res) {
+ try {
+ req.range(-1);
+ } catch (err) {
+ res.status(500).send(err.name + ': ' + err.message);
+ return;
+ }
+ res.send('no error');
+ });
+
+ return request(app)
+ .get('/')
+ .set('Range', 'bytes=0-10')
+ .expect(500)
+ .expect(/TypeError: size must be a non-negative integer to req\.range/);
+ });
+
 it('should have a .type', function (done) {
 var app = express()
From 8054e78e803b045a2a32e7ad88974b6039983fa5 Mon Sep 17 00:00:00 2001
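Review bot: The new guard at the top of `req.range` runs before the `Range` header lookup, so an invalid `size` now raises a `TypeError` on every request, including requests without a `Range` header that previously returned `undefined`. The bare `@throws {TypeError}` tag should say so, for example `@throws {TypeError} if size is not a non-negative integer (checked even when no Range header is sent)`. `Number.isInteger` also accepts values above `Number.MAX_SAFE_INTEGER`, where integer arithmetic on the size is no longer exact; `if (!Number.isSafeInteger(size) || size < 0) {` would reject those too. The JSDoc block starts above the hunk and the function body closes below it.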
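Review bot: The added test always sends `.set('Range', 'bytes=0-10')`, as does the later 'various invalid size types' test in PATCH 3/3, so nothing pins what happens when `size` is invalid and the header is absent. Since the guard in `lib/request.js` sits before the header lookup, that path throws too; a second case without the `.set('Range', ...)` call that still expects the `TypeError` would lock in that ordering. A case calling `req.range(0)` with a `Range` header would also pin the accepted lower bound, so the `size < 0` comparison cannot silently become `size <= 0`.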
From: Shivam Sharma
Date: Tue, 15 Jul 2025 19:08:40 +0530
Subject: [PATCH 3/3] test: various non-integer
---
 test/req.range.js | 35 +++++++++++++++++++++++++++++++++++
 1 file changed, 35 insertions(+)
diff --git a/test/req.range.js b/test/req.range.js
index 867970bcfc1..0d92c142b53 100644
--- a/test/req.range.js
+++ b/test/req.range.js
@@ -64,6 +64,41 @@ describe('req', function(){
 .expect(/TypeError: size must be a non-negative integer to req\.range/);
 });
+ it('should throw TypeError for various invalid size types', function () {
+ var app = express();
+ var testCases = [
+ { value: 'string', label: 'string' },
+ { value: {}, label: 'object' },
+ { value: [], label: 'array' },
+ { value: null, label: 'null' },
+ { value: undefined, label: 'undefined' },
+ { value: 1.5, label: 'float' },
+ { value: NaN, label: 'NaN' },
+ { value: Infinity, label: 'Infinity' }
+ ];
+
+ app.use(function (req, res) {
+ var type = req.query.type;
+ var value = testCases.find(c => c.label === type).value;
+
+ try {
+ req.range(value);
+ res.send('no error');
+ } catch (err) {
+ res.status(500).send(err.name + ': ' + err.message);
+ }
+ });
+
+ // Run all tests in sequence
+ return Promise.all(testCases.map(function (testCase) {
+ return request(app)
+ .get('/?type=' + testCase.label)
+ .set('Range', 'bytes=0-10')
+ .expect(500)
+ .expect(/TypeError: size must be a non-negative integer to req\.range/);
+ }));
+ });
+
 it('should have a .type', function (done) {
 var app = express()
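Review bot: The comment `// Run all tests in sequence` does not match the code below it: `Promise.all(testCases.map(...))` starts every request at once and only waits for them together, so `// Run all cases concurrently and wait for every response` would be accurate. Because a single rejected promise fails the whole `it`, the report will not name the `label` that broke; generating one `it` per entry of `testCases` would. The string case uses the value `'string'`, so a numeric string such as `'10'`, which is the form a size read from a header or query would take, is not covered and is worth adding to the table.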