fix Issue2303, invalid characters in datetime field

CHANGES_NEXT_RELEASE

@@ -1,2 +1,3 @@
 - Fix: wrong date values should not allowed in subscription's expires field (#4541)
-- Fix: do not raise DB alarm in case of wrong GeoJSON in client request
+- Fix: do not raise DB alarm in case of wrong GeoJSON in client request
+- Fix: invalid date in expires field of subscription (#2303)

src/lib/common/globals.cpp

@@ -609,6 +609,17 @@ double parse8601Time(const std::string& ss)
     return -1;
   }
 
+  // The following 'for' loop is implemented to handle a specific datetime case where the datetime string
+  // is '2016-04-05T14:10:0x.00Z'. This particular case is being incorrectly PASS through the
+  // sscanf() function i.e. used next to this 'for' loop.
+  for (char c : ss)
+  {
+    if (std::isalpha(c) && c != 'T' && c != 'Z')
+    {
+      return -1;
+    }
+  }
+
   // According to https://en.wikipedia.org/wiki/ISO_8601#Times, the following formats have to be supported
   //
   // hh:mm:ss.sss or  hhmmss.sss

test/functionalTest/cases/2303_subs_with_invalid_expires_dates/subs_with_invalid_date_values_in_expires.test

@@ -0,0 +1,312 @@
+# Copyright 2024 Telefonica Investigacion y Desarrollo, S.A.U
+#
+# This file is part of Orion Context Broker.
+#
+# Orion Context Broker is free software: you can redistribute it and/or
+# modify it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# Orion Context Broker is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero
+# General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with Orion Context Broker. If not, see http://www.gnu.org/licenses/.
+#
+# For those usages not covered by this license please contact with
+# iot_support at tid dot es
+
+# VALGRIND_READY - to mark the test ready for valgrindTestSuite.sh
+
+--NAME--
+Subscriptions with invalid date formats in 'expires' field
+
+--SHELL-INIT--
+dbInit CB
+brokerStart CB
+
+--SHELL--
+
+#
+# 01. Create a subscription with expires date with an invalid character in 'seconds' field, see error
+# 02. Create a subscription with expires date with an invalid character(,), see error
+# 03. Create a subscription with expires date with an invalid character in 'millisecond' field, see error
+# 04. Create a subscription with expires date with an invalid character in 'millisecond' field, see error
+# 05. Create a subscription with expires date with an invalid character in 'millisecond' field, see error
+# 06. Create a subscription with an valid date value in 'expires' field, (success case)
+#
+
+
+echo "01. Create a subscription with expires date with an invalid character in 'seconds' field, see error"
+echo "==================================================================================================="
+payload='{
+  "subject": {
+    "entities": [
+      {
+        "id": "Room1",
+        "type": "Room"
+      }
+    ],
+    "condition": {
+      "attrs": [
+        "pressure"
+      ]
+    }
+  },
+  "notification": {
+    "http": {
+      "url": "http://localhost:'$LISTENER_PORT'/notify"
+    },
+    "attrs": [
+      "pressure"
+    ]
+  },
+  "expires": "2016-04-05T14:10:0x.00Z"
+}'
+orionCurl --url /v2/subscriptions --payload "$payload"
+echo
+echo
+
+
+echo "02. Create a subscription with expires date with an invalid character(,), see error"
+echo "==================================================================================="
+payload='{
+  "subject": {
+    "entities": [
+      {
+        "id": "Room1",
+        "type": "Room"
+      }
+    ],
+    "condition": {
+      "attrs": [
+        "pressure"
+      ]
+    }
+  },
+  "notification": {
+    "http": {
+      "url": "http://localhost:'$LISTENER_PORT'/notify"
+    },
+    "attrs": [
+      "pressure"
+    ]
+  },
+  "expires": "2016-04-05T14:10:00,00Z"
+}'
+orionCurl --url /v2/subscriptions --payload "$payload"
+echo
+echo
+
+
+echo "03. Create a subscription with expires date with an invalid character in 'millisecond' field, see error"
+echo "======================================================================================================="
+payload='{
+  "subject": {
+    "entities": [
+      {
+        "id": "Room1",
+        "type": "Room"
+      }
+    ],
+    "condition": {
+      "attrs": [
+        "pressure"
+      ]
+    }
+  },
+  "notification": {
+    "http": {
+      "url": "http://localhost:'$LISTENER_PORT'/notify"
+    },
+    "attrs": [
+      "pressure"
+    ]
+  },
+  "expires": "2016-04-05T14:10:00.h00Z"
+}'
+orionCurl --url /v2/subscriptions --payload "$payload"
+echo
+echo
+
+
+echo "04. Create a subscription with expires date with an invalid character in 'millisecond' field, see error"
+echo "======================================================================================================="
+payload='{
+  "subject": {
+    "entities": [
+      {
+        "id": "Room1",
+        "type": "Room"
+      }
+    ],
+    "condition": {
+      "attrs": [
+        "pressure"
+      ]
+    }
+  },
+  "notification": {
+    "http": {
+      "url": "http://localhost:'$LISTENER_PORT'/notify"
+    },
+    "attrs": [
+      "pressure"
+    ]
+  },
+  "expires": "2016-04-05T14:10:00.0h0Z"
+}'
+orionCurl --url /v2/subscriptions --payload "$payload"
+echo
+echo
+
+
+echo "05. Create a subscription with expires date with an invalid character in 'millisecond' field, see error"
+echo "======================================================================================================="
+payload='{
+  "subject": {
+    "entities": [
+      {
+        "id": "Room1",
+        "type": "Room"
+      }
+    ],
+    "condition": {
+      "attrs": [
+        "pressure"
+      ]
+    }
+  },
+  "notification": {
+    "http": {
+      "url": "http://localhost:'$LISTENER_PORT'/notify"
+    },
+    "attrs": [
+      "pressure"
+    ]
+  },
+  "expires": "2016-04-05T14:10:00.,00L"
+}'
+orionCurl --url /v2/subscriptions --payload "$payload"
+echo
+echo
+
+
+echo "06. Create a subscription with an valid date value in 'expires' field, (success case)"
+echo "====================================================================================="
+payload='{
+  "subject": {
+    "entities": [
+      {
+        "id": "Room1",
+        "type": "Room"
+      }
+    ],
+    "condition": {
+      "attrs": [
+        "pressure"
+      ]
+    }
+  },
+  "notification": {
+    "http": {
+      "url": "http://localhost:'$LISTENER_PORT'/notify"
+    },
+    "attrs": [
+      "pressure"
+    ]
+  },
+  "expires": "2025-12-31T23:59:59.00Z"
+}'
+orionCurl --url /v2/subscriptions --payload "$payload"
+echo
+echo
+
+
+--REGEXPECT--
+01. Create a subscription with expires date with an invalid character in 'seconds' field, see error
+===================================================================================================
+HTTP/1.1 400 Bad Request
+Date: REGEX(.*)
+Fiware-Correlator: REGEX([0-9a-f\-]{36})
+Content-Type: application/json
+Content-Length: 68
+
+{
+    "description": "expires has an invalid format",
+    "error": "BadRequest"
+}
+
+
+02. Create a subscription with expires date with an invalid character(,), see error
+===================================================================================
+HTTP/1.1 400 Bad Request
+Date: REGEX(.*)
+Fiware-Correlator: REGEX([0-9a-f\-]{36})
+Content-Type: application/json
+Content-Length: 68
+
+{
+    "description": "expires has an invalid format",
+    "error": "BadRequest"
+}
+
+
+03. Create a subscription with expires date with an invalid character in 'millisecond' field, see error
+=======================================================================================================
+HTTP/1.1 400 Bad Request
+Date: REGEX(.*)
+Fiware-Correlator: REGEX([0-9a-f\-]{36})
+Content-Type: application/json
+Content-Length: 68
+
+{
+    "description": "expires has an invalid format",
+    "error": "BadRequest"
+}
+
+
+04. Create a subscription with expires date with an invalid character in 'millisecond' field, see error
+=======================================================================================================
+HTTP/1.1 400 Bad Request
+Date: REGEX(.*)
+Fiware-Correlator: REGEX([0-9a-f\-]{36})
+Content-Type: application/json
+Content-Length: 68
+
+{
+    "description": "expires has an invalid format",
+    "error": "BadRequest"
+}
+
+
+05. Create a subscription with expires date with an invalid character in 'millisecond' field, see error
+=======================================================================================================
+HTTP/1.1 400 Bad Request
+Date: REGEX(.*)
+Fiware-Correlator: REGEX([0-9a-f\-]{36})
+Content-Type: application/json
+Content-Length: 68
+
+{
+    "description": "expires has an invalid format",
+    "error": "BadRequest"
+}
+
+
+06. Create a subscription with an valid date value in 'expires' field, (success case)
+=====================================================================================
+HTTP/1.1 201 Created
+Date: REGEX(.*)
+Fiware-Correlator: REGEX([0-9a-f\-]{36})
+Location: /v2/subscriptions/REGEX([0-9a-f]{24})
+Content-Length: 0
+
+
+
+--TEARDOWN--
+brokerStop CB
+dbDrop CB
+