From 8beffdcb525bee72b22183f1e8583561a1050e42 Mon Sep 17 00:00:00 2001
From: fengmk2 <fengmk2@gmail.com>
Date: Thu, 12 Oct 2023 23:47:37 +0800
Subject: [PATCH 1/2] fix: set body parser error to status 400 by default

closes https://github.com/eggjs/egg/issues/5261
---
 .github/workflows/nodejs.yml            |  1 -
 config/config.default.js                |  9 ++++++++-
 test/app/middleware/body_parser.test.js | 20 ++++++++++++++++++--
 3 files changed, 26 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/nodejs.yml b/.github/workflows/nodejs.yml
index d97e77e1cc..619f6872ca 100644
--- a/.github/workflows/nodejs.yml
+++ b/.github/workflows/nodejs.yml
@@ -14,4 +14,3 @@ jobs:
     with:
       os: 'ubuntu-latest, macos-latest, windows-latest'
       version: '14, 16, 18, 20'
-      install: 'npm i -g npminstall && npminstall'
diff --git a/config/config.default.js b/config/config.default.js
index 5b598e2d74..b5ab704cef 100644
--- a/config/config.default.js
+++ b/config/config.default.js
@@ -236,8 +236,15 @@ module.exports = appInfo => {
       depth: 5,
       parameterLimit: 1000,
     },
-    onerror(err) {
+    onerror(err, ctx) {
       err.message += ', check bodyParser config';
+      if (ctx.status === 404) {
+        // set default status to 400, meaning client bad request
+        ctx.status = 400;
+        if (!err.status) {
+          err.status = 400;
+        }
+      }
       throw err;
     },
   };
diff --git a/test/app/middleware/body_parser.test.js b/test/app/middleware/body_parser.test.js
index c0a60dd433..04f37833ec 100644
--- a/test/app/middleware/body_parser.test.js
+++ b/test/app/middleware/body_parser.test.js
@@ -1,5 +1,3 @@
-'use strict';
-
 const assert = require('assert');
 const querystring = require('querystring');
 const utils = require('../../utils');
@@ -82,6 +80,24 @@ describe('test/app/middleware/body_parser.test.js', () => {
       .expect(413);
   });
 
+  it('should 400 when GET with invalid body', async () => {
+    app.mockCsrf();
+    await app.httpRequest()
+      .get('/test/body_parser/user')
+      .set('content-type', 'application/json')
+      .set('content-encoding', 'gzip')
+      .expect(/unexpected end of file, check bodyParser config/)
+      .expect(400);
+
+    await app.httpRequest()
+      .get('/test/body_parser/user')
+      .set('content-type', 'application/json')
+      .set('content-encoding', 'gzip')
+      .send({ foo: 'a'.repeat(1024) })
+      .expect(/incorrect header check, check bodyParser config/)
+      .expect(400);
+  });
+
   it('should disable body parser', async () => {
     app1 = utils.app('apps/body_parser_testapp_disable');
     await app1.ready();

From 3f6bd877fe68e996cd1daa771c0716616b750927 Mon Sep 17 00:00:00 2001
From: fengmk2 <fengmk2@gmail.com>
Date: Thu, 12 Oct 2023 23:49:56 +0800
Subject: [PATCH 2/2] f

---
 .github/workflows/nodejs.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/nodejs.yml b/.github/workflows/nodejs.yml
index 619f6872ca..d97e77e1cc 100644
--- a/.github/workflows/nodejs.yml
+++ b/.github/workflows/nodejs.yml
@@ -14,3 +14,4 @@ jobs:
     with:
       os: 'ubuntu-latest, macos-latest, windows-latest'
       version: '14, 16, 18, 20'
+      install: 'npm i -g npminstall && npminstall'