Skip to content

Commit 017e8ca

Browse files
authored
fix(ses): reject malformed startDate/endDate in list_suppressed_destinations (#5461)
startDate/endDate were passed through new Date(...) with no validity check, so a malformed non-empty string became an Invalid Date and was still forwarded to AWS, surfacing as a generic 500. The contract now rejects unparseable date strings with a clear 400.
1 parent 11be2a3 commit 017e8ca

1 file changed

Lines changed: 12 additions & 2 deletions

File tree

apps/sim/lib/api/contracts/tools/aws/ses-list-suppressed-destinations.ts

Lines changed: 12 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -17,8 +17,18 @@ const ListSuppressedDestinationsSchema = z.object({
1717
accessKeyId: z.string().min(1, 'AWS access key ID is required'),
1818
secretAccessKey: z.string().min(1, 'AWS secret access key is required'),
1919
reasons: z.string().nullish(),
20-
startDate: z.string().nullish(),
21-
endDate: z.string().nullish(),
20+
startDate: z
21+
.string()
22+
.nullish()
23+
.refine((v) => !v || !Number.isNaN(new Date(v).getTime()), {
24+
message: 'startDate must be a valid date string',
25+
}),
26+
endDate: z
27+
.string()
28+
.nullish()
29+
.refine((v) => !v || !Number.isNaN(new Date(v).getTime()), {
30+
message: 'endDate must be a valid date string',
31+
}),
2232
pageSize: z.number().int().min(1).max(1000).nullish(),
2333
nextToken: z.string().nullish(),
2434
})

0 commit comments

Comments
 (0)