org.apache.xerces.impl.dv.xs.AbstractDateTimeDV.getDate() wrongly validates 
xsd:dateTime data 2007-02-201T11:01:53.111Z
-----------------------------------------------------------------------------------------------------------------------

                 Key: XERCESJ-1271
                 URL: https://issues.apache.org/jira/browse/XERCESJ-1271
             Project: Xerces2-J
          Issue Type: Bug
          Components: XML Schema Datatypes
         Environment: All
            Reporter: Rajeev Misra


The ISO standard says that xsd:dateTime should be in the form

  [-]CCYY-MM-DDThh:mm:ss[Z|(+|-)hh:mm]

There is a bug in the implementation of the
org.collaxa.thirdparty.apache.xerces.impl.dv.xs.AbstractDateTimeDV.getDate(String buffer, int start, int end, int[] date)
method, which parses 2007-02-201T11:01:53.111Z and validates it as a valid
xsd:dateTime.

From DateTimeDV.parse() we pass 2007-02-201T11:01:53.111Z in buffer, and
"end" is the index of 'T', which is 11, and start = 0, to the
AbstractDateTimeDV.getDate() function.

Now in getDate() we assume that the date is either in the form "-CCYY-MM-DD" or
in the form "CCYY-MM-DD". This assumption allows the getDate() method to parse
2007-02-201T11:01:53.111Z and return 2007-02-20, and 2007-02-20 is a valid
date, but 2007-02-201T11:01:53.111Z is not a valid xsd:dateTime (2007-02-201 is
not a valid date). As per the standard, '2007-02-201T' is invalid data; we can
have only two characters 'DD' just before 'T' and after CCYY-MM-.

Right now in the code we are ignoring all data that comes after CCYY-MM-DD and
before 'T', because we have already assumed that the user is passing 2-character
DD data just before 'T' and after CCYY-MM-, which is not true.

This means 2007-02-201T11:01:53.111Z, or "2007-02-2011111T11:01:53.111Z", or
"2007-02-20garbagedataT11:01:53.111Z" (all invalid xsd:dateTime) are parsed
as 2007-02-20 and accepted as valid xsd:dateTime.

-----------------------------------------------------------------------------------------------------

The solution is simple: we should check whether the "stop" variable and "end"
are pointing to the index of 'T' or not, i.e.

Change the implementation as
------------------------------------------
        protected int getDate(String buffer, int start, int end, DateTimeData date) throws RuntimeException {

                // Parse CCYY-MM; the returned index points at the character after MM.
                start = getYearMonth(buffer, start, end, date);

                if (buffer.charAt(start++) != '-') {
                        throw new RuntimeException("CCYY-MM must be followed by '-' sign");
                }
                int stop = start + 2;
                /* proposed change to invalidate 2007-02-201T11:01:53.111Z
                   and similar invalid xsd:dateTime */
                if (end != stop) {
                        throw new RuntimeException("CCYY-MM-DDT must have 2 char DD");
                }
                date.day = parseInt(buffer, start, stop);
                return stop;
        }
----------------------------------------------------------
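
An added illustration, not part of the original report and not Xerces code: a simplified stand-in for the date-field parsing described above, run with and without the proposed "end != stop" check over a valid value and the report's three invalid inputs. The class and method names, and the fixed four-digit, non-negative year handling, are assumptions of this example.

```java
// Added illustration; a simplified stand-in, not the Xerces source.
public class DateFieldCheck {

    // Parses the CCYY-MM-DD prefix of buffer[start, end) and returns the day.
    // With strict == false it mirrors the behaviour the report describes:
    // characters between DD and 'end' are never examined.
    static int parseDay(String buffer, int start, int end, boolean strict) {
        // Hypothetical stand-in for getYearMonth(): four-digit year, '-', two-digit month.
        int pos = start + 7;                     // index of the '-' after MM
        if (end < pos + 3 || buffer.charAt(start + 4) != '-') {
            throw new RuntimeException("CCYY-MM expected");
        }
        Integer.parseInt(buffer.substring(start, start + 4));   // year must be numeric
        Integer.parseInt(buffer.substring(start + 5, pos));     // month must be numeric
        if (buffer.charAt(pos++) != '-') {
            throw new RuntimeException("CCYY-MM must be followed by '-' sign");
        }
        int stop = pos + 2;
        if (strict && end != stop) {             // the check proposed in the report
            throw new RuntimeException("CCYY-MM-DDT must have 2 char DD");
        }
        return Integer.parseInt(buffer.substring(pos, stop));
    }

    // Returns a one-line verdict for a candidate xsd:dateTime lexical value.
    static String check(String value, boolean strict) {
        int end = value.indexOf('T');            // the caller passes the index of 'T' as 'end'
        try {
            return "accepted, day=" + parseDay(value, 0, end, strict);
        } catch (RuntimeException e) {
            return "rejected (" + e.getMessage() + ")";
        }
    }

    public static void main(String[] args) {
        String[] samples = {                     // first is valid; the rest are the report's inputs
            "2007-02-20T11:01:53.111Z",
            "2007-02-201T11:01:53.111Z",
            "2007-02-2011111T11:01:53.111Z",
            "2007-02-20garbagedataT11:01:53.111Z",
        };
        for (String s : samples) {
            System.out.println(s);
            System.out.println("  lenient: " + check(s, false));
            System.out.println("  strict:  " + check(s, true));
        }
    }
}
```

The lenient path accepts all four values with day=20; the strict path accepts only the first and rejects the other three because 'end' does not land immediately after the two-character DD field.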
