
fix(sanitizeStatusCode): return default for non-numeric input instead of NaN #1422

Open
greymoth-jp wants to merge 1 commit into h3js:v1 from greymoth-jp:fix/sanitize-status-code-nan

@greymoth-jp

Contributor

sanitizeStatusCode accepts string | number and parses strings with Number.parseInt. For a non-numeric string Number.parseInt returns NaN, and NaN slips through the range check because every comparison with NaN is false:

sanitizeStatusCode("abc"); // -> NaN  (expected 200)

So an invalid code can reach createError (err.statusCode = sanitizeStatusCode(input.statusCode, ...)) and the response helpers (event.node.res.statusCode = sanitizeStatusCode(...)), where a NaN status is no longer a valid HTTP status.

This is the same issue that was fixed for v2 on main in #1420; this backports the guard to the v1 line. The Number.parseInt behaviour and the 100..999 range are unchanged; I only added the Number.isNaN check:

if (Number.isNaN(statusCode) || statusCode < 100 || statusCode > 999) {
  return defaultStatusCode;
}

Added a unit test covering valid codes, out-of-range codes and non-numeric strings. It fails before the change (returns NaN) and passes after.
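
The before/after behaviour described in this PR, as an added example that is not part of the pull request or h3's source. Both functions are reconstructed from the description above; the function names, the radix of 10 and the sample inputs are assumptions made for the illustration.

```javascript
// Reconstructed from the PR description, not copied from h3.
// The default of 200 follows the "expected 200" comment; radix 10 is an assumption.
function sanitizeBefore(statusCode, defaultStatusCode = 200) {
  if (typeof statusCode === "string") {
    statusCode = Number.parseInt(statusCode, 10);
  }
  // NaN < 100 and NaN > 999 are both false, so NaN falls through to the return.
  if (statusCode < 100 || statusCode > 999) {
    return defaultStatusCode;
  }
  return statusCode;
}

function sanitizeAfter(statusCode, defaultStatusCode = 200) {
  if (typeof statusCode === "string") {
    statusCode = Number.parseInt(statusCode, 10);
  }
  // The guard added by the PR: reject NaN explicitly before the range test.
  if (Number.isNaN(statusCode) || statusCode < 100 || statusCode > 999) {
    return defaultStatusCode;
  }
  return statusCode;
}

// Constructed sample inputs: valid codes, out-of-range codes, non-numeric values.
const SAMPLES = [
  404, "404", "404 Not Found", " 503", "1e3", "99", "1000", -1,
  "abc", "", "Infinity", NaN,
];

// One row per input with the result of each version.
function compare(inputs = SAMPLES) {
  return inputs.map((input) => ({
    input,
    before: sanitizeBefore(input),
    after: sanitizeAfter(input),
  }));
}

// Inputs whose result differs between the two versions (Object.is treats NaN as equal to NaN).
function changedInputs(inputs = SAMPLES) {
  return compare(inputs)
    .filter((row) => !Object.is(row.before, row.after))
    .map((row) => row.input);
}

console.table(compare());
```

Only the inputs that parse to NaN change result. "404 Not Found" and "1e3" behave the same in both versions because Number.parseInt reads the leading digits and stops, which the PR leaves unchanged.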

@coderabbitai

coderabbitai Bot commented Jun 30, 2026


Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.


@pi0 pi0 added the v1 label Jul 2, 2026