fix: add input validation to formatDateToYYMMDD function to prevent substring errors

[berZKerk]

Added input validation to prevent potential runtime errors when processing malformed date strings.

Summary by CodeRabbit

• Bug Fixes
  • Improved date parsing: accepts short YYMMDD inputs, preserves handling of full timestamps, and rejects empty or malformed dates with clear errors.
  • Prevents silent failures in features depending on dates; ensures more consistent behavior across platforms.
  • No visible UI changes; users may see explicit error messages for invalid dates.

[coderabbitai]

Walkthrough

formatDateToYYMMDD in app/src/utils/utils.ts gained stricter input handling: it now throws on empty input, returns 6-character YYMMDD strings unchanged, extracts YYMMDD from 10+ character YYYY-MM-DD-like strings, and throws for other invalid lengths. TD1_REGEX was converted from named capture groups to a non-named regex (test usage unchanged). No exported signatures changed.

Changes

Cohort / File(s)	Summary
Date parsing & regex tweaks app/src/utils/utils.ts	Reworked formatDateToYYMMDD input validation: throws Error for empty input, returns 6-char input directly (YYMMDD), extracts YYMMDD from 10+ char ISO-like strings, and throws on other invalid lengths. Replaced named capturing groups in TD1_REGEX with a non-named capturing regex; no change to exports/signatures.

Sequence Diagram(s)

sequenceDiagram
  participant Caller
  participant Utils as utils.formatDateToYYMMDD

  Caller->>Utils: formatDateToYYMMDD(inputDate)
  alt inputDate is empty
    Utils-->>Caller: throw Error("Invalid date format: input string cannot be empty")
  else if inputDate length == 6
    Utils-->>Caller: return inputDate (YYMMDD)
  else if inputDate length >= 10
    Utils->>Utils: extract substrings (year=2..4, month=5..7, day=8..10)
    Utils-->>Caller: return year+month+day
  else
    Utils-->>Caller: throw Error("Invalid date format: expected YYMMDD (6 chars) or YYYY-MM-DD format (10+ chars)")
  end

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

A tiny date, six chars bright,
Another spans the ISO night.
Empty inputs get a firm “nope,”
Substrings stitch the needed scope.
Regex trimmed — the code stays light.

Tip

🔌 Remote MCP (Model Context Protocol) integration is now available!

Pro plan users can now connect to remote MCP servers from the Integrations page. Connect with popular remote MCPs such as Notion and Linear to add more context to your reviews and chats.

✨ Finishing Touches

• 📝 Generate Docstrings

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR/Issue comments)

Type @coderabbitai help to get the list of available commands.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

Status, Documentation and Community

• Visit our Status Page to check the current availability of CodeRabbit.
• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[giga-agent]

Giga Summary

• Added input validation to formatDateToYYMMDD function to prevent substring errors
• Impact: Enhances robustness by preventing runtime errors from malformed date strings
• Changes:

• Added validation to check if inputDate is not null and has a length of at least 10 characters
• Throws an error if the input date is invalid
  • Focus:
• Ensure the validation logic correctly handles edge cases and potential malformed inputs

Quality Assessment

• Key strengths: Effective input validation, focused fix.
• Critical issues: None identified.
• Recommendation: Approve.

Quality Score: 9/10 (Threshold: 7/10)

💬 Detailed comments have been added to specific code changes.

[coderabbitai]

Actionable comments posted: 0

🔭 Outside diff range comments (1)

app/src/utils/utils.ts (1)

49-63: Handle potential exceptions from formatDateToYYMMDD in PassportCameraScreen

We’ve confirmed that formatDateToYYMMDD now throws on inputs shorter than 10 characters. On iOS branches (lines 72 & 74), those calls aren’t wrapped, so an unexpected or malformed date string will bubble up and crash the app. Please ensure you either pre-validate or catch errors around these calls.

• File: app/src/screens/passport/PassportCameraScreen.tsx
– Lines 72 and 74: wrap formatDateToYYMMDD(dateOfBirth) and formatDateToYYMMDD(dateOfExpiry) in a try/catch (or validate dateOfBirth/dateOfExpiry length ≥ 10 first).
– Fall back to a safe default or show a user‐friendly error message rather than letting an uncaught exception crash the app.

Suggested diff snippet:

--- a/app/src/screens/passport/PassportCameraScreen.tsx
+++ b/app/src/screens/passport/PassportCameraScreen.tsx
@@ -69,7 +69,16 @@ export function PassportCameraScreen() {
-      const formattedDateOfBirth =
-        Platform.OS === 'ios' ? formatDateToYYMMDD(dateOfBirth) : dateOfBirth;
-      const formattedDateOfExpiry =
-        Platform.OS === 'ios' ? formatDateToYYMMDD(dateOfExpiry) : dateOfExpiry;
+      let formattedDateOfBirth = dateOfBirth;
+      let formattedDateOfExpiry = dateOfExpiry;
+      if (Platform.OS === 'ios') {
+        try {
+          if (dateOfBirth.length >= 10) {
+            formattedDateOfBirth = formatDateToYYMMDD(dateOfBirth);
+          }
+          if (dateOfExpiry.length >= 10) {
+            formattedDateOfExpiry = formatDateToYYMMDD(dateOfExpiry);
+          }
+        } catch (err) {
+          // TODO: surface validation error to user instead of crashing
+          console.error('Invalid passport date format', err);
+        }
+      }

🧹 Nitpick comments (3)

app/src/utils/utils.ts (3)

51-60: Strengthen validation: enforce ISO-like prefix and trim before slicing

Length alone won’t catch cases like "2025/08/16…" or leading/trailing spaces. Consider trimming and validating the first 10 chars match YYYY-MM-DD. This keeps the function fast and reduces silent bad outputs.

Proposed patch:

 export function formatDateToYYMMDD(inputDate: string) {
-  // Validate input string length to prevent substring errors
-  if (!inputDate || inputDate.length < 10) {
-    throw new Error('Invalid date format: input string must be at least 10 characters long');
-  }
+  // Normalize and validate the ISO-like date prefix (YYYY-MM-DD)
+  if (!inputDate) {
+    throw new TypeError('Invalid date format: expected a non-empty string');
+  }
+  const s = inputDate.trim();
+  if (s.length < 10 || !/^\d{4}-\d{2}-\d{2}/.test(s)) {
+    throw new TypeError('Invalid date format: expected YYYY-MM-DD at the start of the string');
+  }
 
   // Extract the date components directly from the input string
-  const year = inputDate.substring(2, 4); // Get YY part
-  const month = inputDate.substring(5, 7); // Get MM part
-  const day = inputDate.substring(8, 10); // Get DD part
+  const year = s.substring(2, 4); // Get YY part
+  const month = s.substring(5, 7); // Get MM part
+  const day = s.substring(8, 10); // Get DD part

---

51-55: Prefer TypeError for invalid argument shape

Minor: throwing TypeError is more semantically accurate for invalid argument values than a generic Error.

If you keep the current approach:

-    throw new Error('Invalid date format: input string must be at least 10 characters long');
+    throw new TypeError('Invalid date format: input string must be at least 10 characters long');

---

49-63: Add unit tests for valid and invalid inputs

Recommend adding tests covering:

• Valid: "2025-08-16 00:00:00 +0000" → "250816"
• Valid: "2025-08-16" → "250816"
• Invalid: empty string, whitespace only, shorter than 10 chars, wrong separators like "2025/08/16", non-digits in date

I can draft a Jest test file with these cases if helpful.

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro

💡 Knowledge Base configuration:

• MCP integration is disabled by default for public repositories
• Jira integration is disabled by default for public repositories
• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between cb2ef91 and 93e8d5f.

📒 Files selected for processing (1)

• app/src/utils/utils.ts (1 hunks)

🧰 Additional context used

📓 Path-based instructions (1)

app/src/**/*.{ts,tsx,js,jsx}

⚙️ CodeRabbit Configuration File

app/src/**/*.{ts,tsx,js,jsx}: Review React Native TypeScript code for:

• Component architecture and reusability
• State management patterns
• Performance optimizations
• TypeScript type safety
• React hooks usage and dependencies
• Navigation patterns

Files:

• app/src/utils/utils.ts

🔇 Additional comments (1)

app/src/utils/utils.ts (1)

51-55: Good defensive guard to prevent malformed inputs

The upfront length check is a pragmatic way to stop bad inputs before slicing. Low overhead, improves robustness, and avoids downstream surprises.

[transphorm]

@berZKerk thanks for opening this pull request. can you please re-create and open against the dev branch? thank you!

[aaronmgdr]

couldnt it be equal to 10 too?

[berZKerk]

So basically I've made some changes related to @aaronmgdr comment, also could you please tell me how to solve all those conflicts?

[coderabbitai]

Actionable comments posted: 0

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

app/src/utils/utils.ts (1)

8-13: TD1 detection/extraction is inconsistent: regex expects line1+line2 concatenated, but you only test/slice line 0

The TD1 pattern matches ~55 chars from the concatenation of TD1 line 1 and line 2, yet isTD1 tests mrzLines[0] only, and the TD1 extraction later slices indices (30..44) that only make sense on the concatenated string. This will misclassify valid TD1 MRZs and extract incorrect DOB/expiry values.

Apply this minimal fix to test the concatenated lines and to extract from the same concatenation:

-  const isTD1 = TD1_REGEX.test(mrzLines[0]) || mrzLines[0].startsWith('I');
+  const td1Candidate = (mrzLines[0] ?? '') + (mrzLines[1] ?? '');
+  const isTD1 = TD1_REGEX.test(td1Candidate);

@@
-    const line = mrzLines[0];
+    const line = td1Candidate;

Optionally, consider also validating expected lengths before parsing (TD1 lines are 30 chars each) and removing the permissive startsWith('I') fallback to avoid false positives. I can provide a hardened parser if helpful.

Also applies to: 23-37

♻️ Duplicate comments (1)

app/src/utils/utils.ts (1)

61-70: Prefer pattern-based parsing over length checks; also support YYYYMMDD (8 digits)

Using length >= 10 can accept malformed strings (e.g., wrong separators). Match the expected prefix YYYY-MM-DD, and optionally accept YYYYMMDD which is common. This keeps the function robust while staying aligned with the PR goal (avoid substring errors).

-  // If the date is in YYYY-MM-DD format (at least 10 characters), convert it
-  if (inputDate.length >= 10) {
-    // Extract the date components directly from the input string
-    const year = inputDate.substring(2, 4); // Get YY part
-    const month = inputDate.substring(5, 7); // Get MM part
-    const day = inputDate.substring(8, 10); // Get DD part
-
-    // Concatenate components into YYMMDD format
-    return year + month + day;
-  }
+  // YYYY-MM-DD[...] (Android)
+  const mDash = inputDate.match(/^(\d{4})-(\d{2})-(\d{2})/);
+  if (mDash) {
+    const [, yyyy, mm, dd] = mDash;
+    return yyyy.slice(2) + mm + dd;
+  }
+
+  // YYYYMMDD (fallback)
+  if (/^\d{8}$/.test(inputDate)) {
+    return inputDate.slice(2);
+  }

Note: The earlier reviewer’s question “couldn’t it be equal to 10 too?” is effectively addressed by matching exactly YYYY-MM-DD (10 chars prefix) instead of relying on length.

🧹 Nitpick comments (4)

app/src/utils/utils.ts (4)

52-54: Trim input before validation to avoid benign whitespace rejections

Leading/trailing spaces from OCR/platform APIs can trigger the "empty input" error. Trim first, then validate.

-export function formatDateToYYMMDD(inputDate: string) {
-  if (!inputDate) {
+export function formatDateToYYMMDD(inputDate: string) {
+  inputDate = inputDate.trim();
+  if (!inputDate) {
     throw new Error('Invalid date format: input string cannot be empty');
   }

---

56-60: Validate YYMMDD to be digits only

Right now any 6-char string passes. Enforce digit-only to prevent silent corruption.

-  if (inputDate.length === 6) {
-    return inputDate;
-  }
+  if (inputDate.length === 6) {
+    if (!/^\d{6}$/.test(inputDate)) {
+      throw new Error('Invalid date format: YYMMDD must be 6 digits');
+    }
+    return inputDate;
+  }

---

51-51: Add explicit return type and brief TSDoc for exported utility

Small clarity boost and safer refactors later.

-export function formatDateToYYMMDD(inputDate: string) {
+/**
+ * Normalizes dates to YYMMDD (UTC) from inputs like 'YYMMDD', 'YYYY-MM-DD', 'YYYYMMDD'.
+ * Throws on unsupported formats.
+ */
+export function formatDateToYYMMDD(inputDate: string): string {

---

49-73: Consolidate date formatting: route MainScreen through this utility to avoid duplication

MainScreen.tsx (lines 101-103 in the provided snippet) manually constructs YYMMDD via toISOString().slice(...). Consider using formatDateToYYMMDD there for a single source of truth and consistent validation behavior across platforms.

I can prepare a small PR diff for MainScreen.tsx to swap in this utility.

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

💡 Knowledge Base configuration:

• MCP integration is disabled by default for public repositories
• Jira integration is disabled by default for public repositories
• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 93e8d5f and 6b59e01.

📒 Files selected for processing (1)

• app/src/utils/utils.ts (2 hunks)

🧰 Additional context used

📓 Path-based instructions (2)

**/*.{ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/technical-specification.mdc)

**/*.{ts,tsx}: Define IdentityCommitment with fields: commitment (Poseidon hash), nullifier (domain-separated), timestamp (UTC number), version (circuit version), documentType ('passport' | 'eu_id_card')
Define DSCKeyCommitment with fields: publicKeyHash (Poseidon hash), certificateChain (hashes), revocationStatus (boolean), issuer (country code)
Define VerificationConfig with fields: circuitVersion (semver), complianceRules array, timeWindow (seconds, 24h), clockDrift (±5 min), trustAnchors, revocationRoots, timeSource (NTP), nullifierScope (domain separation)

Files:

• app/src/utils/utils.ts

app/src/**/*.{ts,tsx,js,jsx}

⚙️ CodeRabbit configuration file

app/src/**/*.{ts,tsx,js,jsx}: Review React Native TypeScript code for:

• Component architecture and reusability
• State management patterns
• Performance optimizations
• TypeScript type safety
• React hooks usage and dependencies
• Navigation patterns

Files:

• app/src/utils/utils.ts

🧬 Code graph analysis (1)

app/src/utils/utils.ts (2)

app/src/screens/MainScreen.tsx (1)

• date (102-104)

common/src/utils/utils.ts (1)

• getCurrentDateYYMMDD (234-246)

🔇 Additional comments (1)

app/src/utils/utils.ts (1)

9-9: Regex change itself is fine given current usage

Switching to non-named capture groups in TD1_REGEX is OK since the code uses .test(...) only. Once the TD1 concatenation issue (above) is fixed, this regex will serve the detection purpose as intended.