(5.0) fix date parsing to disallow invalid types and formats (#99)

eli-darkly · web-flow · commit d1514c558abd · 2022-10-05T10:11:11.000-07:00
* fix date parsing to disallow invalid types and formats

* lint
diff --git a/src/LaunchDarkly/Impl/Model/Operators.php b/src/LaunchDarkly/Impl/Model/Operators.php
@@ -3,7 +3,7 @@
 namespace LaunchDarkly\Impl\Model;
 
 use DateTime;
-use DateTimeZone;
+use DateTimeInterface;
 use Exception;
 use LaunchDarkly\Impl\SemanticVersion;
 use LaunchDarkly\Impl\Util;
@@ -149,22 +149,26 @@ public static function is_numeric($value): bool
      */
     public static function parseTime($in)
     {
-        if (is_numeric($in)) {
+        if (is_string($in)) {
+            $dateTime = DateTime::createFromFormat(DateTimeInterface::RFC3339_EXTENDED, $in);
+            if ($dateTime == null) {
+                // try the same format but without fractional seconds
+                $dateTime = DateTime::createFromFormat(DateTimeInterface::RFC3339, $in);
+            }
+            if ($dateTime == null) {
+                return null;
+            }
+            return Util::dateTimeToUnixMillis($dateTime);
+        }
+
+        if (is_numeric($in)) { // check this after is_string, because a numeric string would return true
             return $in;
         }
 
         if ($in instanceof DateTime) {
             return Util::dateTimeToUnixMillis($in);
         }
 
-        if (is_string($in)) {
-            try {
-                $dateTime = new DateTime($in, new DateTimeZone('UTC'));
-                return Util::dateTimeToUnixMillis($dateTime);
-            } catch (Exception $e) {
-                return null;
-            }
-        }
         return null;
     }
 
diff --git a/tests/Impl/Model/OperatorsTest.php b/tests/Impl/Model/OperatorsTest.php
@@ -51,7 +51,13 @@ public function testParseTime()
         $this->assertEquals(1001, Operators::parseTime("1970-01-01T00:00:01.001Z"));
 
 
+        $this->assertEquals(null, Operators::parseTime(null));
+        $this->assertEquals(null, Operators::parseTime(true));
+        $this->assertEquals(null, Operators::parseTime(""));
+        $this->assertEquals(null, Operators::parseTime("100"));
         $this->assertEquals(null, Operators::parseTime("NOT A REAL TIMESTAMP"));
+        $this->assertEquals(null, Operators::parseTime("1970-01-01"));    // RFC3339 requires both date and time
+        $this->assertEquals(null, Operators::parseTime("00:00:01.001Z")); // ditto
         $this->assertEquals(null, Operators::parseTime([]));
     }
 
@@ -121,7 +127,7 @@ public function comparisonOperators(): array
             ["greaterThanOrEqual", 100, "200", false],
             ["greaterThanOrEqual", 100, true, false],
             ["greaterThanOrEqual", true, 100, false],
-            ["greaterThanOrEqual", true, true, false],
+            ["greaterThanOrEqual", true, true, false]
         ];
     }
 
