sift icon indicating copy to clipboard operation
sift copied to clipboard
verified publisher icon procore

Improve DateTime validation

Open amayer171 opened this issue 7 years ago • 2 comments

Date, Datetime, and Time validation is lacking. https://github.com/procore/brita/blob/master/lib/brita/type_validator.rb#L4

It currently matches a very generic range pattern that may lead to a database error when trying to parse an input value.

Here is an example: datetime = DateTime.new(2016,12,24).to_s => "2016-12-24T00:00:00+00:00"

Constructing a query in postman with this value causes an error: ?filters[updated_at]=2016-12-24T00:00:00+00:00...2016-12-29T12:16:44+00:00

On the server this gets parsed into: "filters"=>{"updated_at"=>"2016-12-24T00:00:00 00:00...2016-12-29T12:16:44 00:00"}

  • Note that + gets replaced with a blank space character.

This passes the range pattern but fails at the database leading to a 500 error.

amayer171 avatar May 09 '18 18:05 amayer171

Yes! we implicitly support ISO8601 only because that is all we test and what we document, but the thing that makes this hard is we use rails controller validations so we are limited by what that allows. If you can figure out how to enforce ISO8601 in a rails controller validation, we should totally do it.

HParker avatar May 09 '18 20:05 HParker

A start is the C source that ruby uses here: https://ruby-doc.org/stdlib-2.1.1/libdoc/time/rdoc/Time.html#method-c-xmlschema

We might be able to steal the regex from there.

HParker avatar May 09 '18 20:05 HParker