Merge pull request #1099 from CVEProject/dr-818

Resolves #818 - Better Errors for Bad dates in time_modified
CVEProject · Jul 14, 2023 · 55fc8be · 55fc8be
2 parents ef2e7f6 + 13a56cb
commit 55fc8be
Show file tree

Hide file tree

Showing 2 changed files with 114 additions and 1 deletion.
diff --git a/src/utils/utils.js b/src/utils/utils.js
@@ -134,7 +134,7 @@ function booleanIsTrue (val) {
 // Sanitizer for dates
 function toDate (val) {
   val = val.toUpperCase()
-  let value = val.match(/^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(\.\d+)?(|Z|((-|\+)\d{2}:\d{2}))$/)
+  let value = val.match(/^\d{4}-\d{2}-\d{2}T(?:0?[0-9]|1[0-9]|2[0-3]):(?:0[0-9]|1[0-9]|2[0-9]|3[0-9]|4[0-9]|5[0-9]):(?:0[0-9]|1[0-9]|2[0-9]|3[0-9]|4[0-9]|5[0-9])(\.\d+)?(|Z|((-|\+)\d{2}:\d{2}))$/)
   let result = null
   if (value) {
     const dateStr = value[0]

diff --git a/test/integration-tests/cve/getCveDateTest.js b/test/integration-tests/cve/getCveDateTest.js
@@ -0,0 +1,113 @@
+/* eslint-disable no-unused-expressions */
+
+const chai = require('chai')
+chai.use(require('chai-http'))
+const expect = chai.expect
+
+const constants = require('../constants.js')
+const app = require('../../../src/index.js')
+
+describe('Test time_modified for get CVE', () => {
+  context('Negative Tests', () => {
+    it('Get CVE should fail if time_modified.gt is given a date with an invalid month', async () => {
+      await chai.request(app)
+        .get('/api/cve?time_modified.gt=2022-13-01T00:00:00Z')
+        .set(constants.headers)
+        .then((res, err) => {
+          expect(err).to.be.undefined
+          expect(res).to.have.status(400)
+          expect(res.body.message).to.contain('Parameters were invalid')
+        })
+    })
+    it('Get CVE should fail if time_modified.lt is given a date with an invalid month', async () => {
+      await chai.request(app)
+        .get('/api/cve?time_modified.lt=2022-13-01T00:00:00Z')
+        .set(constants.headers)
+        .then((res, err) => {
+          expect(err).to.be.undefined
+          expect(res).to.have.status(400)
+          expect(res.body.message).to.contain('Parameters were invalid')
+        })
+    })
+    it('Get CVE should fail if time_modified.lt is given a date with an invalid day', async () => {
+      await chai.request(app)
+        .get('/api/cve?time_modified.lt=2022-01-32T00:00:00Z')
+        .set(constants.headers)
+        .then((res, err) => {
+          expect(err).to.be.undefined
+          expect(res).to.have.status(400)
+          expect(res.body.message).to.contain('Parameters were invalid')
+        })
+    })
+    it('Get CVE should fail if time_modified.gt is given a date with an invalid day', async () => {
+      await chai.request(app)
+        .get('/api/cve?time_modified.gt=2022-01-32T00:00:00Z')
+        .set(constants.headers)
+        .then((res, err) => {
+          expect(err).to.be.undefined
+          expect(res).to.have.status(400)
+          expect(res.body.message).to.contain('Parameters were invalid')
+        })
+    })
+    it('Get CVE should fail if time_modified.gt is given a date with invalid hours', async () => {
+      await chai.request(app)
+        .get('/api/cve?time_modified.gt=2022-01-01T25:00:00Z')
+        .set(constants.headers)
+        .then((res, err) => {
+          expect(err).to.be.undefined
+          expect(res).to.have.status(400)
+          expect(res.body.message).to.contain('Parameters were invalid')
+        })
+    })
+    it('Get CVE should fail if time_modified.lt is given a date with invalid hours', async () => {
+      await chai.request(app)
+        .get('/api/cve?time_modified.lt=2022-01-01T25:00:00Z')
+        .set(constants.headers)
+        .then((res, err) => {
+          expect(err).to.be.undefined
+          expect(res).to.have.status(400)
+          expect(res.body.message).to.contain('Parameters were invalid')
+        })
+    })
+    it('Get CVE should fail if time_modified.gt is given a date with invalid minutes', async () => {
+      await chai.request(app)
+        .get('/api/cve?time_modified.gt=2022-01-01T00:61:00Z')
+        .set(constants.headers)
+        .then((res, err) => {
+          expect(err).to.be.undefined
+          expect(res).to.have.status(400)
+          expect(res.body.message).to.contain('Parameters were invalid')
+        })
+    })
+    it('Get CVE should fail if time_modified.lt is given a date with invalid minutes', async () => {
+      await chai.request(app)
+        .get('/api/cve?time_modified.lt=2022-01-01T00:61:00Z')
+        .set(constants.headers)
+        .then((res, err) => {
+          expect(err).to.be.undefined
+          expect(res).to.have.status(400)
+          expect(res.body.message).to.contain('Parameters were invalid')
+        })
+    })
+    it('Get CVE should fail if time_modified.gt is given a date with invalid seconds', async () => {
+      await chai.request(app)
+        .get('/api/cve?time_modified.gt=2022-01-01T00:00:61Z')
+        .set(constants.headers)
+        .then((res, err) => {
+          expect(err).to.be.undefined
+          expect(res).to.have.status(400)
+          expect(res.body.message).to.contain('Parameters were invalid')
+        })
+    })
+    it('Get CVE should fail if time_modified.lt is given a date with invalid seconds', async () => {
+      await chai.request(app)
+        .get('/api/cve?time_modified.lt=2022-01-01T00:00:61Z')
+        .set(constants.headers)
+        .then((res, err) => {
+          expect(err).to.be.undefined
+          expect(res).to.have.status(400)
+          expect(res.body.message).to.contain('Parameters were invalid')
+        })
+    })
+  })
+})