Merge pull request #1152 from CVEProject/dr-958

Resolves issue #958 and #957 - Move away from validate-date to luxon
CVEProject · Dec 11, 2023 · 62bccb3 · 62bccb3
2 parents d09ead4 + 6fd5985
commit 62bccb3
Show file tree

Hide file tree

Showing 4 changed files with 39 additions and 18 deletions.
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -43,6 +43,7 @@
         "JSONStream": "^1.3.5",
         "kleur": "^4.1.4",
         "lodash": "^4.17.21",
+        "luxon": "^3.4.4",
         "mongo-cursor-pagination": "^8.1.3",
         "mongoose": "^5.13.20",
         "mongoose-aggregate-paginate-v2": "1.0.6",
@@ -54,7 +55,6 @@
         "swagger-autogen": "^2.19.0",
         "swagger-ui-express": "^4.3.0",
         "uuid": "^8.3.2",
-        "validate-date": "^2.0.0",
         "validator": ">=13.7.0",
         "winston": "^3.2.1",
         "yamljs": "^0.3.0"

diff --git a/src/utils/utils.js b/src/utils/utils.js
@@ -1,7 +1,7 @@
 const Org = require('../model/org')
 const User = require('../model/user')
 const getConstants = require('../constants').getConstants
-const validateDate = require('validate-date')
+const { DateTime } = require('luxon')
 
 async function getOrgUUID (shortName) {
   const org = await Org.findOne().byShortName(shortName)
@@ -140,16 +140,13 @@ function toDate (val) {
   if (value) {
     const dateStr = value[0]
     // Make sure that the string passed is a valid date
-    // eslint doesn't like that responseType is not defined, but it is needed as is
-    /* eslint-disable-next-line */
-    const valid = validateDate(dateStr.toString().substring(0, 10), responseType = 'boolean')
-    if (valid) {
+    if (DateTime.fromISO(dateStr.toString()).isValid) {
       result = new Date(dateStr)
     }
   } else {
     value = val.match(/^\d{4}-\d{2}-\d{2}$/)
     /* eslint-disable-next-line */
-    if ((value) && (validateDate(value.toString().substring(0, 10), responseType = 'boolean'))) {
+    if ((value) && DateTime.fromISO(dateStr.toString()).isValid) {
       result = new Date(`${value[0]}T00:00:00.000+00:00`)
     }
   }

diff --git a/test/integration-tests/cve-id/getCveIdTest.js b/test/integration-tests/cve-id/getCveIdTest.js
@@ -100,5 +100,26 @@ describe('Testing Get CVE-ID endpoint', () => {
           expect(res.body.cve_ids).to.have.length(PUB_YEAR_COUNT)
         })
     })
+    it('Z format should be be valid', async () => {
+      await chai.request(app)
+        .get('/api/cve-id?time_modified.gt=2024-01-15T00:00:01-02:00')
+        .set(constants.headers)
+        .then((res, err) => {
+          expect(err).to.be.undefined
+          expect(res).to.have.status(200)
+        })
+    })
+  })
+  context('negative tests', () => {
+    it('Feb 29 2100 should not be valid', async () => {
+      await chai.request(app)
+        .get('/api/cve-id?time_modified.gt=2100-02-29T00:00:00Z')
+        .set(constants.headers)
+        .then((res, err) => {
+          expect(err).to.be.undefined
+          expect(res).to.have.status(400)
+          expect(res.body.error).to.contain('BAD_INPUT')
+        })
+    })
   })
 })