will/flynn
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(audit): reject malformed rolling artifact tags

Browse Source 
Harden phase0 rolling retention timestamp parsing with explicit bounds and UTC round-trip validation; add regression coverage for invalid date/time tags. No architecture/protocol flow changes; diagram files reviewed and no updates were needed.
This commit is contained in:
William Valentin
2026-02-27 13:04:27 -08:00
parent 49a5a44c8a
commit ad395bbdd6
3 changed files with 47 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/audit/phase0BaselineArtifactRetention.ts
+20 -1
View File
@@ -74,9 +74,28 @@ function parseRollingTagTimestampMs(tag: string): number | undefined {
if (!Number.isFinite(hour) || !Number.isFinite(minute) || !Number.isFinite(second)) {
return undefined;
}
if (month < 1 || month > 12 || day < 1 || day > 31 || hour < 0 || hour > 23 || minute < 0 || minute > 59 || second < 0 || second > 59) {
return undefined;
}
const timestampMs = Date.UTC(year, month - 1, day, hour, minute, second);
return Number.isFinite(timestampMs) ? timestampMs : undefined;
if (!Number.isFinite(timestampMs)) {
return undefined;
}
const utc = new Date(timestampMs);
if (
utc.getUTCFullYear() !== year
|| utc.getUTCMonth() !== month - 1
|| utc.getUTCDate() !== day
|| utc.getUTCHours() !== hour
|| utc.getUTCMinutes() !== minute
|| utc.getUTCSeconds() !== second
) {
return undefined;
}
return timestampMs;
}
function parseRollingArtifactFile(fileName: string): Phase0RollingArtifactFile | undefined {