From 23c720a780d0204ec34a82df2f59395733c5efd0 Mon Sep 17 00:00:00 2001 From: david-rocca Date: Thu, 13 Jul 2023 15:12:44 -0400 Subject: [PATCH 1/2] #818 fixed reg ex to catch out of scope vars --- src/utils/utils.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/utils/utils.js b/src/utils/utils.js index cebeeda90..2f0029f77 100644 --- a/src/utils/utils.js +++ b/src/utils/utils.js @@ -134,7 +134,7 @@ function booleanIsTrue (val) { // Sanitizer for dates function toDate (val) { val = val.toUpperCase() - let value = val.match(/^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(\.\d+)?(|Z|((-|\+)\d{2}:\d{2}))$/) + let value = val.match(/^\d{4}-\d{2}-\d{2}T(?:0?[0-9]|1[0-9]|2[0-3]):(?:0[0-9]|1[0-9]|2[0-9]|3[0-9]|4[0-9]|5[0-9]):(?:0[0-9]|1[0-9]|2[0-9]|3[0-9]|4[0-9]|5[0-9])(\.\d+)?(|Z|((-|\+)\d{2}:\d{2}))$/) let result = null if (value) { const dateStr = value[0] From 13a56cb37bf4a556ec9f7c08b9efe80676894b4a Mon Sep 17 00:00:00 2001 From: david-rocca Date: Thu, 13 Jul 2023 15:12:57 -0400 Subject: [PATCH 2/2] #818 added test cases --- test/integration-tests/cve/getCveDateTest.js | 113 +++++++++++++++++++ 1 file changed, 113 insertions(+) create mode 100644 test/integration-tests/cve/getCveDateTest.js diff --git a/test/integration-tests/cve/getCveDateTest.js b/test/integration-tests/cve/getCveDateTest.js new file mode 100644 index 000000000..a8700158f --- /dev/null +++ b/test/integration-tests/cve/getCveDateTest.js @@ -0,0 +1,113 @@ +/* eslint-disable no-unused-expressions */ + +const chai = require('chai') +chai.use(require('chai-http')) +const expect = chai.expect + +const constants = require('../constants.js') +const app = require('../../../src/index.js') + +describe('Test time_modified for get CVE', () => { + context('Negative Tests', () => { + it('Get CVE should fail if time_modified.gt is given a date with an invalid month', async () => { + await chai.request(app) + .get('/api/cve?time_modified.gt=2022-13-01T00:00:00Z') + .set(constants.headers) + .then((res, err) => { + expect(err).to.be.undefined + expect(res).to.have.status(400) + expect(res.body.message).to.contain('Parameters were invalid') + }) + }) + it('Get CVE should fail if time_modified.lt is given a date with an invalid month', async () => { + await chai.request(app) + .get('/api/cve?time_modified.lt=2022-13-01T00:00:00Z') + .set(constants.headers) + .then((res, err) => { + expect(err).to.be.undefined + expect(res).to.have.status(400) + expect(res.body.message).to.contain('Parameters were invalid') + }) + }) + it('Get CVE should fail if time_modified.lt is given a date with an invalid day', async () => { + await chai.request(app) + .get('/api/cve?time_modified.lt=2022-01-32T00:00:00Z') + .set(constants.headers) + .then((res, err) => { + expect(err).to.be.undefined + expect(res).to.have.status(400) + expect(res.body.message).to.contain('Parameters were invalid') + }) + }) + it('Get CVE should fail if time_modified.gt is given a date with an invalid day', async () => { + await chai.request(app) + .get('/api/cve?time_modified.gt=2022-01-32T00:00:00Z') + .set(constants.headers) + .then((res, err) => { + expect(err).to.be.undefined + expect(res).to.have.status(400) + expect(res.body.message).to.contain('Parameters were invalid') + }) + }) + it('Get CVE should fail if time_modified.gt is given a date with invalid hours', async () => { + await chai.request(app) + .get('/api/cve?time_modified.gt=2022-01-01T25:00:00Z') + .set(constants.headers) + .then((res, err) => { + expect(err).to.be.undefined + expect(res).to.have.status(400) + expect(res.body.message).to.contain('Parameters were invalid') + }) + }) + it('Get CVE should fail if time_modified.lt is given a date with invalid hours', async () => { + await chai.request(app) + .get('/api/cve?time_modified.lt=2022-01-01T25:00:00Z') + .set(constants.headers) + .then((res, err) => { + expect(err).to.be.undefined + expect(res).to.have.status(400) + expect(res.body.message).to.contain('Parameters were invalid') + }) + }) + it('Get CVE should fail if time_modified.gt is given a date with invalid minutes', async () => { + await chai.request(app) + .get('/api/cve?time_modified.gt=2022-01-01T00:61:00Z') + .set(constants.headers) + .then((res, err) => { + expect(err).to.be.undefined + expect(res).to.have.status(400) + expect(res.body.message).to.contain('Parameters were invalid') + }) + }) + it('Get CVE should fail if time_modified.lt is given a date with invalid minutes', async () => { + await chai.request(app) + .get('/api/cve?time_modified.lt=2022-01-01T00:61:00Z') + .set(constants.headers) + .then((res, err) => { + expect(err).to.be.undefined + expect(res).to.have.status(400) + expect(res.body.message).to.contain('Parameters were invalid') + }) + }) + it('Get CVE should fail if time_modified.gt is given a date with invalid seconds', async () => { + await chai.request(app) + .get('/api/cve?time_modified.gt=2022-01-01T00:00:61Z') + .set(constants.headers) + .then((res, err) => { + expect(err).to.be.undefined + expect(res).to.have.status(400) + expect(res.body.message).to.contain('Parameters were invalid') + }) + }) + it('Get CVE should fail if time_modified.lt is given a date with invalid seconds', async () => { + await chai.request(app) + .get('/api/cve?time_modified.lt=2022-01-01T00:00:61Z') + .set(constants.headers) + .then((res, err) => { + expect(err).to.be.undefined + expect(res).to.have.status(400) + expect(res.body.message).to.contain('Parameters were invalid') + }) + }) + }) +})