Product route: parseInt without NaN guard on route params

## Severity: Medium
## Category: Input Validation

### Description
In `api/src/routes/product.ts`, `parseInt(req.params.id)` is used on GET/:id, PUT/:id, and DELETE/:id without checking for `NaN`. Non-numeric input (e.g., `/api/products/abc`) silently returns `NaN`, causing `find()` to return `undefined` and the route to return 404 — which masks what should be a 400 Bad Request.

### Suggested Fix
Return 400 for non-numeric IDs:

```typescript
const id = parseInt(req.params.id, 10);
if (isNaN(id)) return res.status(400).json({ error: 'ID must be a number' });
```

### Affected File
- `api/src/routes/product.ts` (lines 109, 114, 123)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Product route: parseInt without NaN guard on route params #16

Severity: Medium

Category: Input Validation

Description

Suggested Fix

Affected File

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Product route: parseInt without NaN guard on route params #16

Description

Severity: Medium

Category: Input Validation

Description

Suggested Fix

Affected File

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions