fix(discord): reject unsafe rate limit headers

This commit is contained in:
Peter Steinberger
2026-05-29 10:17:42 -04:00
parent 9ae38ac821
commit 0fa034ed6d
2 changed files with 11 additions and 1 deletions


@@ -14,6 +14,14 @@ describe("Discord REST rate limit header parsing", () => {
expect(readHeaderNumber(headers, "X-RateLimit-Reset-After")).toBeUndefined();
});
it("rejects unsafe finite numeric header magnitudes", () => {
const headers = new Headers({
"X-RateLimit-Reset-After": "9007199254740993",
});
expect(readHeaderNumber(headers, "X-RateLimit-Reset-After")).toBeUndefined();
});
it("keeps decimal reset headers working", () => {
vi.useFakeTimers();
vi.setSystemTime(new Date("2026-05-28T12:00:00.000Z"));


@@ -32,7 +32,9 @@ export function readHeaderNumber(headers: Headers, name: string): number | undef
return undefined;
}
const parsed = Number(trimmed);
return Number.isFinite(parsed) ? parsed : undefined;
return Number.isFinite(parsed) && Math.abs(parsed) <= Number.MAX_SAFE_INTEGER
? parsed
: undefined;
}
export function readResetAt(response: Response): number | undefined {
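Review bot: The new bound on the `return` at the end of readHeaderNumber uses `Math.abs`, so a negative header value such as "-9007199254740990" still passes, and so does any negative value at all, even though a negative reset or remaining count from the server is never meaningful for rate limiting and would presumably make readResetAt (outside this hunk) compute a reset time in the past. Unless a caller relies on negatives, tightening the guard to `return Number.isFinite(parsed) && parsed >= 0 && parsed <= Number.MAX_SAFE_INTEGER` rejects them with no other change in behaviour; `Number.isSafeInteger` is not a substitute because the decimal-reset test in the first file shows fractional values must keep working. The magnitude limit also deserves a one-line why-comment, e.g. `// Cap at MAX_SAFE_INTEGER: larger values lose integer precision and could yield absurd wait durations downstream`, since the reason is not visible from the code. The test added in the first file covers only the positive side; a sibling case with a negative string would pin whichever choice is made here. The start of readHeaderNumber lies outside the hunk.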