From 6e6ffb7b2427cae8d1200008ad0542cce81db29c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philipp=20H=C3=B6rist?= Date: Sat, 25 Nov 2023 12:41:37 +0100 Subject: fix: DateTime: Be more strict with parsing MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Don’t parse timestamps which may fail conversion to different timezones --- nbxmpp/modules/date_and_time.py | 5 +++++ test/unit/test_datetime_parsing.py | 4 ++++ 2 files changed, 9 insertions(+) diff --git a/nbxmpp/modules/date_and_time.py b/nbxmpp/modules/date_and_time.py index d024bdd..5ff9bb7 100644 --- a/nbxmpp/modules/date_and_time.py +++ b/nbxmpp/modules/date_and_time.py @@ -160,6 +160,11 @@ def parse_datetime( except ValueError: return None + if not 1 < date_time.year < 9999: + # Raise/Reduce MIN/MAX year so converting to different + # timezones cannot get out of range + return None + if check_utc: if convert != 'utc': raise ValueError( diff --git a/test/unit/test_datetime_parsing.py b/test/unit/test_datetime_parsing.py index 8970611..68de6d1 100644 --- a/test/unit/test_datetime_parsing.py +++ b/test/unit/test_datetime_parsing.py @@ -37,6 +37,10 @@ class TestDateTime(unittest.TestCase): '2017-11-05T07:41:20+05:00': datetime(2017, 11, 5, 2, 41, 20, 0, timezone.utc), '2017-11-05T01:41:20+00:00': datetime(2017, 11, 5, 1, 41, 20, 0, timezone.utc), '2017-11-05T01:41:20Z': datetime(2017, 11, 5, 1, 41, 20, 0, timezone.utc), + '0002-11-05T01:41:20Z': datetime(2, 11, 5, 1, 41, 20, 0, timezone.utc), + '9998-11-05T01:41:20Z': datetime(9998, 11, 5, 1, 41, 20, 0, timezone.utc), + '0001-11-05T01:41:20Z': None, + '9999-11-05T01:41:20Z': None, } for time_string, expected_value in strings.items(): -- cgit v1.2.3