From b9891f29e2330c20cbef857122c54c6d093bd3db Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Filip=20Tron=C3=AD=C4=8Dek?= <filip.tronicek@seznam.cz>
Date: Wed, 8 Feb 2023 17:07:32 +0100
Subject: [PATCH] Only allow decimal values in timeouts

This allowed users to have durations in other number systems like hexadecimal. For example `0xfd` was a valid timeout.
---
 components/gitpod-protocol/src/gitpod-service.ts | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/components/gitpod-protocol/src/gitpod-service.ts b/components/gitpod-protocol/src/gitpod-service.ts
index eeff29698ae9c3..f3434dd7c83b4b 100644
--- a/components/gitpod-protocol/src/gitpod-service.ts
+++ b/components/gitpod-protocol/src/gitpod-service.ts
@@ -363,11 +363,12 @@ const WORKSPACE_MAXIMUM_TIMEOUT_HOURS = 24;
 export type WorkspaceTimeoutDuration = string;
 export namespace WorkspaceTimeoutDuration {
     export function validate(duration: string): WorkspaceTimeoutDuration {
+        duration = duration.toLowerCase();
         const unit = duration.slice(-1);
         if (!["m", "h", "d"].includes(unit)) {
             throw new Error(`Invalid timeout unit: ${unit}`);
         }
-        const value = parseInt(duration.slice(0, -1));
+        const value = parseInt(duration.slice(0, -1), 10);
         if (isNaN(value) || value <= 0) {
             throw new Error(`Invalid timeout value: ${duration}`);
         }