fix(local): forward child exit code, validate content-encoding, strip control chars

MathurAditya724 · MathurAditya724 · commit ca3356ee1c1b · 2026-05-20T15:17:22.000Z
- run: set process.exitCode directly instead of EXIT.GENERAL so
  callers can distinguish the child's error type.
- server: validate content-encoding header against known values
  before passing to pushToSpotlightBuffer.
- sanitize: strip C0 control characters (BEL, BS, etc.) in addition
  to ANSI escapes and newlines.
diff --git a/src/commands/local/run.ts b/src/commands/local/run.ts
@@ -157,7 +157,11 @@ export const runCommand = buildCommand({
     }
 
     if (exitCode !== 0) {
-      throw new CliError(`Process exited with code ${exitCode}`, EXIT.GENERAL);
+      // Forward the child's exit code directly so callers (CI, scripts)
+      // can distinguish error types. We set process.exitCode instead of
+      // throwing CliError to avoid mapping to the CLI's semantic exit
+      // code schema.
+      process.exitCode = exitCode;
     }
   },
 });
diff --git a/src/commands/local/server.ts b/src/commands/local/server.ts
@@ -181,11 +181,14 @@ export function buildApp(
     ) {
       contentType = SENTRY_CONTENT_TYPE;
     }
-    const contentEncoding = c.req.header("content-encoding") as
-      | "gzip"
-      | "deflate"
-      | "br"
-      | undefined;
+    const rawEncoding = c.req.header("content-encoding");
+    const contentEncoding = (
+      rawEncoding === "gzip" ||
+      rawEncoding === "deflate" ||
+      rawEncoding === "br"
+        ? rawEncoding
+        : undefined
+    ) as "gzip" | "deflate" | "br" | undefined;
     const userAgent = c.req.header("user-agent");
 
     pushToSpotlightBuffer({
diff --git a/src/lib/formatters/local.ts b/src/lib/formatters/local.ts
@@ -3,9 +3,14 @@
 import { blue, bold, cyan, green, muted, red, yellow } from "./colors.js";
 import { stripAnsi } from "./plain-detect.js";
 
-/** Strip ANSI escapes and collapse newlines so envelope fields can't inject fake log lines. */
+/**
+ * Strip ANSI escapes, collapse newlines, and remove C0 control characters
+ * so envelope fields can't inject fake log lines or terminal commands.
+ */
 export function sanitize(text: string): string {
-  return stripAnsi(text).replace(/[\r\n]+/g, " ");
+  const stripped = stripAnsi(text).replace(/[\r\n]+/g, " ");
+  // biome-ignore lint/suspicious/noControlCharactersInRegex: stripping C0 control chars from untrusted envelope data
+  return stripped.replace(/[\x00-\x08\x0b\x0c\x0e-\x1f\x7f]/g, "");
 }
 
 /** Canonical content type for Sentry envelopes. */

Original file line number	Diff line number	Diff line change
`@@ -157,7 +157,11 @@ export const runCommand = buildCommand({`
`157`	`157`	`}`
`158`	`158`
`159`	`159`	`if (exitCode !== 0) {`
`160`		- throw new CliError(`Process exited with code ${exitCode}`, EXIT.GENERAL);
	`160`	`+ // Forward the child's exit code directly so callers (CI, scripts)`
	`161`	`+ // can distinguish error types. We set process.exitCode instead of`
	`162`	`+ // throwing CliError to avoid mapping to the CLI's semantic exit`
	`163`	`+ // code schema.`
	`164`	`+ process.exitCode = exitCode;`
`161`	`165`	`}`
`162`	`166`	`},`
`163`	`167`	`});`