From 0b31838f19e62c24676567f04a8c7ef9988f0be0 Mon Sep 17 00:00:00 2001 From: waleed Date: Mon, 6 Jul 2026 17:38:22 -0700 Subject: [PATCH] fix(ses): reject malformed startDate/endDate in list_suppressed_destinations startDate/endDate were passed through new Date(...) with no validity check, so a malformed non-empty string became an Invalid Date and was still forwarded to AWS, surfacing as a generic 500. The contract now rejects unparseable date strings with a clear 400. --- .../tools/aws/ses-list-suppressed-destinations.ts | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/apps/sim/lib/api/contracts/tools/aws/ses-list-suppressed-destinations.ts b/apps/sim/lib/api/contracts/tools/aws/ses-list-suppressed-destinations.ts index db8f90d40d6..017130f15e4 100644 --- a/apps/sim/lib/api/contracts/tools/aws/ses-list-suppressed-destinations.ts +++ b/apps/sim/lib/api/contracts/tools/aws/ses-list-suppressed-destinations.ts @@ -17,8 +17,18 @@ const ListSuppressedDestinationsSchema = z.object({ accessKeyId: z.string().min(1, 'AWS access key ID is required'), secretAccessKey: z.string().min(1, 'AWS secret access key is required'), reasons: z.string().nullish(), - startDate: z.string().nullish(), - endDate: z.string().nullish(), + startDate: z + .string() + .nullish() + .refine((v) => !v || !Number.isNaN(new Date(v).getTime()), { + message: 'startDate must be a valid date string', + }), + endDate: z + .string() + .nullish() + .refine((v) => !v || !Number.isNaN(new Date(v).getTime()), { + message: 'endDate must be a valid date string', + }), pageSize: z.number().int().min(1).max(1000).nullish(), nextToken: z.string().nullish(), })