From 76e4f3304bd99bdde5ff31f4119502677a0847e2 Mon Sep 17 00:00:00 2001
From: ArqamFarooqui110719 <md.farooqui@india.nec.com>
Date: Thu, 13 Jun 2024 14:13:42 +0530
Subject: [PATCH 1/2] fix issue2303, invalid characters in dattime field

---
 CHANGES_NEXT_RELEASE                          |   3 +-
 src/lib/common/globals.cpp                    |  11 +
 ...s_with_invalid_date_values_in_expires.test | 312 ++++++++++++++++++
 3 files changed, 325 insertions(+), 1 deletion(-)
 create mode 100644 test/functionalTest/cases/2303_subs_with_invalid_expires_dates/subs_with_invalid_date_values_in_expires.test

diff --git a/CHANGES_NEXT_RELEASE b/CHANGES_NEXT_RELEASE
index 4c5c912cb9..60db2f151f 100644
--- a/CHANGES_NEXT_RELEASE
+++ b/CHANGES_NEXT_RELEASE
@@ -1,2 +1,3 @@
 - Fix: wrong date values should not allowed in subscription's expires field (#4541)
-- Fix: do not raise DB alarm in case of wrong GeoJSON in client request
\ No newline at end of file
+- Fix: do not raise DB alarm in case of wrong GeoJSON in client request
+- Fix: invalid date in expires field of subscription (#2303)
diff --git a/src/lib/common/globals.cpp b/src/lib/common/globals.cpp
index 2bc490b004..50e761cf83 100644
--- a/src/lib/common/globals.cpp
+++ b/src/lib/common/globals.cpp
@@ -609,6 +609,17 @@ double parse8601Time(const std::string& ss)
     return -1;
   }
 
+  // The following 'for' loop is implemented to handle a specific datetime case where the datetime string
+  // is '2016-04-05T14:10:0x.00Z'. This particular case is being incorrectly PASS through the
+  // sscanf() function i.e. used next to this 'for' loop.
+  for (char c : ss)
+  {
+    if (std::isalpha(c) && c != 'T' && c != 'Z')
+    {
+      return -1;
+    }
+  }
+
   // According to https://en.wikipedia.org/wiki/ISO_8601#Times, the following formats have to be supported
   //
   // hh:mm:ss.sss or  hhmmss.sss
diff --git a/test/functionalTest/cases/2303_subs_with_invalid_expires_dates/subs_with_invalid_date_values_in_expires.test b/test/functionalTest/cases/2303_subs_with_invalid_expires_dates/subs_with_invalid_date_values_in_expires.test
new file mode 100644
index 0000000000..8405f61811
--- /dev/null
+++ b/test/functionalTest/cases/2303_subs_with_invalid_expires_dates/subs_with_invalid_date_values_in_expires.test
@@ -0,0 +1,312 @@
+# Copyright 2024 Telefonica Investigacion y Desarrollo, S.A.U
+#
+# This file is part of Orion Context Broker.
+#
+# Orion Context Broker is free software: you can redistribute it and/or
+# modify it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# Orion Context Broker is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero
+# General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with Orion Context Broker. If not, see http://www.gnu.org/licenses/.
+#
+# For those usages not covered by this license please contact with
+# iot_support at tid dot es
+
+# VALGRIND_READY - to mark the test ready for valgrindTestSuite.sh
+
+--NAME--
+Subscriptions with invalid date formats in 'expires' field
+
+--SHELL-INIT--
+dbInit CB
+brokerStart CB
+
+--SHELL--
+
+#
+# 01. Create a subscription with expires date with an invalid character in 'seconds' field, see error
+# 02. Create a subscription with expires date with an invalid character(,), see error
+# 03. Create a subscription with expires date with an invalid character in 'millisecond' field, see error
+# 04. Create a subscription with expires date with an invalid character in 'millisecond' field, see error
+# 05. Create a subscription with expires date with an invalid character in 'millisecond' field, see error
+# 06. Create a subscription with an valid date value in 'expires' field, (success case)
+#
+
+
+echo "01. Create a subscription with expires date with an invalid character in 'seconds' field, see error"
+echo "==================================================================================================="
+payload='{
+  "subject": {
+    "entities": [
+      {
+        "id": "Room1",
+        "type": "Room"
+      }
+    ],
+    "condition": {
+      "attrs": [
+        "pressure"
+      ]
+    }
+  },
+  "notification": {
+    "http": {
+      "url": "http://localhost:'$LISTENER_PORT'/notify"
+    },
+    "attrs": [
+      "pressure"
+    ]
+  },
+  "expires": "2016-04-05T14:10:0x.00Z"
+}'
+orionCurl --url /v2/subscriptions --payload "$payload"
+echo
+echo
+
+
+echo "02. Create a subscription with expires date with an invalid character(,), see error"
+echo "==================================================================================="
+payload='{
+  "subject": {
+    "entities": [
+      {
+        "id": "Room1",
+        "type": "Room"
+      }
+    ],
+    "condition": {
+      "attrs": [
+        "pressure"
+      ]
+    }
+  },
+  "notification": {
+    "http": {
+      "url": "http://localhost:'$LISTENER_PORT'/notify"
+    },
+    "attrs": [
+      "pressure"
+    ]
+  },
+  "expires": "2016-04-05T14:10:00,00Z"
+}'
+orionCurl --url /v2/subscriptions --payload "$payload"
+echo
+echo
+
+
+echo "03. Create a subscription with expires date with an invalid character in 'millisecond' field, see error"
+echo "======================================================================================================="
+payload='{
+  "subject": {
+    "entities": [
+      {
+        "id": "Room1",
+        "type": "Room"
+      }
+    ],
+    "condition": {
+      "attrs": [
+        "pressure"
+      ]
+    }
+  },
+  "notification": {
+    "http": {
+      "url": "http://localhost:'$LISTENER_PORT'/notify"
+    },
+    "attrs": [
+      "pressure"
+    ]
+  },
+  "expires": "2016-04-05T14:10:00.h00Z"
+}'
+orionCurl --url /v2/subscriptions --payload "$payload"
+echo
+echo
+
+
+echo "04. Create a subscription with expires date with an invalid character in 'millisecond' field, see error"
+echo "======================================================================================================="
+payload='{
+  "subject": {
+    "entities": [
+      {
+        "id": "Room1",
+        "type": "Room"
+      }
+    ],
+    "condition": {
+      "attrs": [
+        "pressure"
+      ]
+    }
+  },
+  "notification": {
+    "http": {
+      "url": "http://localhost:'$LISTENER_PORT'/notify"
+    },
+    "attrs": [
+      "pressure"
+    ]
+  },
+  "expires": "2016-04-05T14:10:00.0h0Z"
+}'
+orionCurl --url /v2/subscriptions --payload "$payload"
+echo
+echo
+
+
+echo "05. Create a subscription with expires date with an invalid character in 'millisecond' field, see error"
+echo "======================================================================================================="
+payload='{
+  "subject": {
+    "entities": [
+      {
+        "id": "Room1",
+        "type": "Room"
+      }
+    ],
+    "condition": {
+      "attrs": [
+        "pressure"
+      ]
+    }
+  },
+  "notification": {
+    "http": {
+      "url": "http://localhost:'$LISTENER_PORT'/notify"
+    },
+    "attrs": [
+      "pressure"
+    ]
+  },
+  "expires": "2016-04-05T14:10:00.,00L"
+}'
+orionCurl --url /v2/subscriptions --payload "$payload"
+echo
+echo
+
+
+echo "06. Create a subscription with an valid date value in 'expires' field, (success case)"
+echo "====================================================================================="
+payload='{
+  "subject": {
+    "entities": [
+      {
+        "id": "Room1",
+        "type": "Room"
+      }
+    ],
+    "condition": {
+      "attrs": [
+        "pressure"
+      ]
+    }
+  },
+  "notification": {
+    "http": {
+      "url": "http://localhost:'$LISTENER_PORT'/notify"
+    },
+    "attrs": [
+      "pressure"
+    ]
+  },
+  "expires": "2025-12-31T23:59:59.00Z"
+}'
+orionCurl --url /v2/subscriptions --payload "$payload"
+echo
+echo
+
+
+--REGEXPECT--
+01. Create a subscription with expires date with an invalid character in 'seconds' field, see error
+===================================================================================================
+HTTP/1.1 400 Bad Request
+Date: REGEX(.*)
+Fiware-Correlator: REGEX([0-9a-f\-]{36})
+Content-Type: application/json
+Content-Length: 68
+
+{
+    "description": "expires has an invalid format",
+    "error": "BadRequest"
+}
+
+
+02. Create a subscription with expires date with an invalid character(,), see error
+===================================================================================
+HTTP/1.1 400 Bad Request
+Date: REGEX(.*)
+Fiware-Correlator: REGEX([0-9a-f\-]{36})
+Content-Type: application/json
+Content-Length: 68
+
+{
+    "description": "expires has an invalid format",
+    "error": "BadRequest"
+}
+
+
+03. Create a subscription with expires date with an invalid character in 'millisecond' field, see error
+=======================================================================================================
+HTTP/1.1 400 Bad Request
+Date: REGEX(.*)
+Fiware-Correlator: REGEX([0-9a-f\-]{36})
+Content-Type: application/json
+Content-Length: 68
+
+{
+    "description": "expires has an invalid format",
+    "error": "BadRequest"
+}
+
+
+04. Create a subscription with expires date with an invalid character in 'millisecond' field, see error
+=======================================================================================================
+HTTP/1.1 400 Bad Request
+Date: REGEX(.*)
+Fiware-Correlator: REGEX([0-9a-f\-]{36})
+Content-Type: application/json
+Content-Length: 68
+
+{
+    "description": "expires has an invalid format",
+    "error": "BadRequest"
+}
+
+
+05. Create a subscription with expires date with an invalid character in 'millisecond' field, see error
+=======================================================================================================
+HTTP/1.1 400 Bad Request
+Date: REGEX(.*)
+Fiware-Correlator: REGEX([0-9a-f\-]{36})
+Content-Type: application/json
+Content-Length: 68
+
+{
+    "description": "expires has an invalid format",
+    "error": "BadRequest"
+}
+
+
+06. Create a subscription with an valid date value in 'expires' field, (success case)
+=====================================================================================
+HTTP/1.1 201 Created
+Date: REGEX(.*)
+Fiware-Correlator: REGEX([0-9a-f\-]{36})
+Location: /v2/subscriptions/REGEX([0-9a-f]{24})
+Content-Length: 0
+
+
+
+--TEARDOWN--
+brokerStop CB
+dbDrop CB
+

From d0fb1aaea9137af4664ff370607bfb5be538526a Mon Sep 17 00:00:00 2001
From: ArqamFarooqui110719 <md.farooqui@india.nec.com>
Date: Thu, 29 Aug 2024 11:16:25 +0530
Subject: [PATCH 2/2] updated code as per comment

---
 src/lib/common/globals.cpp | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/lib/common/globals.cpp b/src/lib/common/globals.cpp
index 50e761cf83..ec8be53148 100644
--- a/src/lib/common/globals.cpp
+++ b/src/lib/common/globals.cpp
@@ -26,6 +26,7 @@
 #include <stdint.h>
 #include <math.h>
 #include <stdio.h>
+#include <ctype.h>
 
 #include <string>
 
@@ -612,9 +613,10 @@ double parse8601Time(const std::string& ss)
   // The following 'for' loop is implemented to handle a specific datetime case where the datetime string
   // is '2016-04-05T14:10:0x.00Z'. This particular case is being incorrectly PASS through the
   // sscanf() function i.e. used next to this 'for' loop.
-  for (char c : ss)
+  for (int i = 0; ss[i] != '\0'; i++)
   {
-    if (std::isalpha(c) && c != 'T' && c != 'Z')
+    char c = ss[i];
+    if (isalpha(c) && c != 'T' && c != 'Z')
     {
       return -1;
     }