Issue #1546 Fixed cookie tests

Greg Wilkins 2017-05-13 16:21:06 +02:00
parent bdeea10a6f
commit 04fe477e79
4 changed files with 83 additions and 63 deletions


@ -23,7 +23,6 @@ import java.util.Locale;
import javax.servlet.http.Cookie;
import org.eclipse.jetty.http.QuotedCSV;
import org.eclipse.jetty.util.log.Log;
import org.eclipse.jetty.util.log.Logger;
@ -115,6 +114,8 @@ public class CookieCutter
while (_fieldList.size()>_fields)
_fieldList.remove(_fields);
StringBuilder unquoted=null;
// For each cookie field
for (String hdr : _fieldList)
{
@ -126,44 +127,46 @@ public class CookieCutter
boolean invalue=false;
boolean quoted=false;
boolean unquotedToken=false;
boolean escaped=false;
int tokenstart=-1;
int tokenend=-1;
for (int i = 0, length = hdr.length(), last=length-1; i < length; i++)
{
char c = hdr.charAt(i);
// Handle quoted values for name or value
if (quoted)
{
if (escaped)
{
escaped=false;
unquoted.append(c);
continue;
}
switch (c)
{
case '"':
tokenend=i;
quoted=false;
if (invalue)
value = hdr.substring(tokenstart+1, tokenend).replace("\\\"","\"");
if (i==last)
{
value = unquoted.toString();
}
else
{
name = hdr.substring(tokenstart+1, tokenend).replace("\\\"","\"");
if (i==last)
value = "";
unquotedToken=true;
tokenstart=i;
tokenend=-1;
}
tokenstart=-1;
tokenend=-1;
break;
case '\\':
escaped=true;
continue;
default:
unquoted.append(c);
continue;
}
}
@ -179,30 +182,42 @@ public class CookieCutter
case '\t':
continue;
case ';':
if (unquotedToken)
{
value = unquoted.toString();
unquoted.setLength(0);
unquotedToken = false;
}
else if(tokenstart>=0 && tokenend>=0)
value = hdr.substring(tokenstart, tokenend+1);
else
value="";
tokenstart = -1;
invalue=false;
break;
case '"':
if (tokenstart<0)
{
quoted=true;
tokenstart=i;
if (unquoted==null)
unquoted=new StringBuilder();
continue;
}
tokenend=i;
if (i==last)
{
value = hdr.substring(tokenstart, tokenend+1);
break;
}
continue;
// fall through to default case
case ';':
if (tokenstart>=0)
value = hdr.substring(tokenstart, tokenend+1);
else
value="";
tokenstart = -1;
invalue=false;
break;
default:
if (unquotedToken)
{
// must have been a bad internal quote. let's fix as best we can
unquoted.append(hdr.substring(tokenstart,i));
quoted = true;
unquotedToken = false;
i--;
continue;
}
if (tokenstart<0)
tokenstart=i;
tokenend=i;
@ -222,39 +237,49 @@ public class CookieCutter
case ' ':
case '\t':
continue;
case '"':
if (tokenstart<0)
{
quoted=true;
tokenstart=i;
}
tokenend=i;
if (i==last)
{
name = hdr.substring(tokenstart, tokenend+1);
value = "";
break;
}
continue;
case ';':
if (tokenstart>=0)
if (unquotedToken)
{
name = unquoted.toString();
unquoted.setLength(0);
unquotedToken = false;
}
else if(tokenstart>=0 && tokenend>=0)
{
name = hdr.substring(tokenstart, tokenend+1);
value = "";
}
value = "";
tokenstart = -1;
break;
case '=':
if (tokenstart>=0)
if (unquotedToken)
{
name = unquoted.toString();
unquoted.setLength(0);
unquotedToken = false;
}
else if(tokenstart>=0 && tokenend>=0)
{
name = hdr.substring(tokenstart, tokenend+1);
}
tokenstart = -1;
invalue=true;
continue;
default:
if (unquotedToken)
{
// must have been a bad internal quote. let's fix as best we can
unquoted.append(hdr.substring(tokenstart,i));
quoted = true;
unquotedToken = false;
i--;
continue;
}
if (tokenstart<0)
tokenstart=i;
tokenend=i;
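Review bot: In the quoted branch, the closing-quote case at end of header sets `value = unquoted.toString();` without clearing the buffer, while the `;` and `=` branches all call `unquoted.setLength(0)`. Because `unquoted` is declared before `for (String hdr : _fieldList)`, text from a quoted value that ends one Cookie header would still be in the builder when the next header opens a quote, and would be prepended to that cookie's value, unless it is reset in lines this page does not show. Adding `unquoted.setLength(0);` after that assignment, or at the top of each header iteration, keeps values from one header out of another. The "bad internal quote" recovery in both `default:` cases also switches back to `quoted = true`, after which `;` is treated as value text until another quote appears; a comment stating that trade-off against RFC6265 delimiting would help the next reader. The parsing method starts and ends outside these hunks.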


@ -23,7 +23,7 @@ import static org.junit.Assert.assertThat;
import javax.servlet.http.Cookie;
import org.hamcrest.Matcher;
import org.junit.Ignore;
import org.junit.Test;
public class CookieCutterTest
@ -50,11 +50,6 @@ public class CookieCutterTest
assertThat(prefix + ".path", cookie.getPath(), is(expectedPath));
}
private void assertCookieComment(String prefix, Cookie cookie, Matcher<String> commentMatcher)
{
assertThat(prefix + ".comment", cookie.getComment(), commentMatcher);
}
/**
* Example from RFC2109 and RFC2965
*/
@ -143,8 +138,10 @@ public class CookieCutterTest
* Example from RFC2965
*/
@Test
@Ignore
public void testRFC2965_CookieSpoofingExample()
{
// Ignored because comma separation no longer supported by RFC6265
String rawCookie = "$Version=\"1\"; session_id=\"1234\", " +
"$Version=\"1\"; session_id=\"1111\"; $Domain=\".cracker.edu\"";
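Review bot: `@Ignore` on `testRFC2965_CookieSpoofingExample` carries no reason string, and skipping the test leaves nothing that pins what the parser now does with the comma-joined header in `rawCookie`. Since this is the spoofing example, it would be safer to keep it running with assertions for whatever the RFC6265 parse yields for that input, so a later parser change cannot alter the outcome unnoticed. At minimum, move the reason into the annotation: `@Ignore("comma separation no longer supported by RFC6265")`. The test body continues outside the hunk.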


@ -26,7 +26,6 @@ import java.util.List;
import javax.servlet.http.Cookie;
import org.junit.Ignore;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.junit.runners.Parameterized;
@ -36,7 +35,6 @@ import org.junit.runners.Parameterized;
* due to our efforts at being lenient with what we receive.
*/
@RunWith(Parameterized.class)
@Ignore
public class CookieCutter_LenientTest
{
@Parameterized.Parameters(name = "{0}")
@ -93,9 +91,9 @@ public class CookieCutter_LenientTest
ret.add(new String[]{"foo=\"bar''-\"baz\"", "foo", "bar''-\"baz"});
// These seem dubious until you realize the "lots of equals signs" below works
ret.add(new String[]{"foo=\"bar\"=\"baz\"", "foo", "bar\"=\"baz"});
ret.add(new String[]{"query=\"?b=c\"&\"d=e\"", "foo", "?b=c\"&\"d=e"});
ret.add(new String[]{"query=\"?b=c\"&\"d=e\"", "query", "?b=c\"&\"d=e"});
// Escaped quotes
ret.add(new String[]{"foo=\"bar\\\"=\\\"baz\"", "foo", "bar\\\"=\\\"baz"});
ret.add(new String[]{"foo=\"bar\\\"=\\\"baz\"", "foo", "bar\"=\"baz"});
// UTF-8 values
ret.add(new String[]{"2sides=\u262F", "2sides", "\u262f"}); // 2 byte
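Review bot: The escape handling now drops the backslash in front of any escaped character, but the only escaped input pinned in this list is `\"`. A case for an escaped backslash would cover the other path through the `escaped` flag, for example `ret.add(new String[]{"foo=\"bar\\\\baz\"", "foo", "bar\\baz"});`, whose expected value follows from the quoted branch shown in CookieCutter. A quoted value that reaches the end of the header without a closing quote is also worth a case, but its result depends on code this page does not show, so the expectation needs checking against the parser. The parameter list continues outside the hunk.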


@ -44,7 +44,6 @@ import java.util.ArrayList;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.Locale;
import java.util.Map;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicInteger;
@ -123,9 +122,8 @@ public class RequestTest
{
try
{
Map<String, String[]> map = null;
// do the parse
map = request.getParameterMap();
request.getParameterMap();
return false;
}
catch(BadMessageException e)
@ -952,7 +950,7 @@ public class RequestTest
_server.setHandler(handler);
_server.start();
String request="GET / HTTP/1.1\r\n"+
String requests="GET / HTTP/1.1\r\n"+
"Host: whatever\r\n"+
"Content-Type: text/plane\r\n"+
"Content-Length: "+10+"\r\n"+
@ -966,7 +964,9 @@ public class RequestTest
"\r\n"+
"ABCDEFGHIJ\r\n";
String responses = _connector.getResponses(request);
LocalEndPoint endp = _connector.executeRequest(requests);
String responses = endp.getResponse() + endp.getResponse();
int index=responses.indexOf("read="+(int)'0');
assertTrue(index>0);
@ -1325,7 +1325,7 @@ public class RequestTest
response=_connector.getResponse(
"POST / HTTP/1.1\r\n"+
"Host: whatever\r\n"+
"Cookie: name0=value0; name1 = value1 ; \"name2\" = \"\\\"value2\\\"\" \n" +
"Cookie: name0=value0; name1 = value1 ; name2 = \"\\\"value2\\\"\" \n" +
"Cookie: $Version=2; name3=value3=value3;$path=/path;$domain=acme.com;$port=8080; name4=; name5 = ; name6\n" +
"Cookie: name7=value7;\n" +
"Connection: close\r\n"+
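Review bot: The Cookie header in this request now sends `name2` unquoted, so nothing in this test exercises a quoted cookie name any more, and the page does not show what the parser returns for one. If quoted names are deliberately unsupported after this change, a case in CookieCutterTest asserting the outcome for a header such as `"name2" = "value2"` (dropped, or kept with the literal quotes) would make that decision explicit. The request string and its assertions continue outside the hunk.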