fix(security): validate req.body is a Buffer before parsing pkt-lines

fabiovincenzi · fabiovincenzi · commit 6056c344493d · 2026-04-22T10:30:48.000+02:00
diff --git a/src/proxy/processors/pktLineParser.ts b/src/proxy/processors/pktLineParser.ts
@@ -23,6 +23,9 @@ import { PACKET_SIZE } from './constants';
  * @return {[string[], number]} An array containing the parsed lines and the offset after the last parsed line/flush packet.
  */
 export const parsePacketLines = (buffer: Buffer): [string[], number] => {
+  if (!Buffer.isBuffer(buffer)) {
+    throw new Error('parsePacketLines expected a Buffer');
+  }
   const lines: string[] = [];
   let offset = 0;
 
diff --git a/src/proxy/processors/push-action/parsePush.ts b/src/proxy/processors/push-action/parsePush.ts
@@ -57,6 +57,9 @@ async function exec(req: Request, action: Action): Promise<Action> {
     if (!req.body || req.body.length === 0) {
       throw new Error('No body found in request');
     }
+    if (!Buffer.isBuffer(req.body)) {
+      throw new Error('Request body must be a Buffer');
+    }
     const [packetLines, packDataOffset] = parsePacketLines(req.body);
     const refUpdates = packetLines.filter((line) => line.includes(BRANCH_PREFIX));
 

Original file line number	Diff line number	Diff line change
`@@ -57,6 +57,9 @@ async function exec(req: Request, action: Action): Promise<Action> {`
`57`	`57`	`if (!req.body \|\| req.body.length === 0) {`
`58`	`58`	`throw new Error('No body found in request');`
`59`	`59`	`}`
	`60`	`+ if (!Buffer.isBuffer(req.body)) {`
	`61`	`+ throw new Error('Request body must be a Buffer');`
	`62`	`+ }`
`60`	`63`	`const [packetLines, packDataOffset] = parsePacketLines(req.body);`
`61`	`64`	`const refUpdates = packetLines.filter((line) => line.includes(BRANCH_PREFIX));`
`62`	`65`