mirror of
https://github.com/jetty/jetty.project.git
synced 2025-02-23 16:05:00 +00:00
Issue #1546 Ignore $names in Cookies in RFC6265 compliance mode
parent
14c132805e
commit
971bdac6b0
@ -23,6 +23,7 @@ import java.util.Locale;
|
||||
|
||||
import javax.servlet.http.Cookie;
|
||||
|
||||
import org.eclipse.jetty.http.CookieCompliance;
|
||||
import org.eclipse.jetty.util.log.Log;
|
||||
import org.eclipse.jetty.util.log.Logger;
|
||||
|
||||
@ -40,6 +41,7 @@ public class CookieCutter
|
||||
{
|
||||
private static final Logger LOG = Log.getLogger(CookieCutter.class);
|
||||
|
||||
private final CookieCompliance _compliance;
|
||||
private Cookie[] _cookies;
|
||||
private Cookie[] _lastCookies;
|
||||
private final List<String> _fieldList = new ArrayList<>();
|
||||
@ -47,6 +49,12 @@ public class CookieCutter
|
||||
|
||||
public CookieCutter()
|
||||
{
|
||||
this(CookieCompliance.RFC6265);
|
||||
}
|
||||
|
||||
public CookieCutter(CookieCompliance compliance)
|
||||
{
|
||||
_compliance = compliance;
|
||||
}
|
||||
|
||||
public Cookie[] getCookies()
|
||||
@ -335,7 +343,11 @@ public class CookieCutter
|
||||
if (name.startsWith("$"))
|
||||
{
|
||||
String lowercaseName = name.toLowerCase(Locale.ENGLISH);
|
||||
if ("$path".equals(lowercaseName))
|
||||
if (_compliance==CookieCompliance.RFC6265)
|
||||
{
|
||||
// Ignore
|
||||
}
|
||||
else if ("$path".equals(lowercaseName))
|
||||
{
|
||||
if (cookie!=null)
|
||||
cookie.setPath(value);
|
||||
@ -354,13 +366,6 @@ public class CookieCutter
|
||||
{
|
||||
version = Integer.parseInt(value);
|
||||
}
|
||||
else
|
||||
{
|
||||
cookie = new Cookie(name, value);
|
||||
if (version > 0)
|
||||
cookie.setVersion(version);
|
||||
cookies.add(cookie);
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
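Review bot: Removing the trailing `else` branch in the `@ -354,13 +366,6` hunk appears to change behaviour outside RFC6265 mode as well: an unrecognised `$name` pair used to become a `Cookie` and now seems to be dropped for every `CookieCompliance` value, which is wider than the commit title states. If that is intended, document it at the new branch by replacing `// Ignore` with something like `// RFC 6265 defines no $-prefixed attributes: drop the pair so client-supplied $Path/$Domain/$Version are never applied`, and consider a `LOG.debug` call there, since the discard is otherwise invisible when diagnosing cookie handling. `CookieCutter(CookieCompliance compliance)` also stores a null argument unchecked, which would silently select the legacy `$` handling; an explicit null check or a default to `CookieCompliance.RFC6265` would make that failure visible. The enclosing parse method starts and ends outside these hunks, so the conditions guarding `version = Integer.parseInt(value)` are not visible here.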
|
@ -756,7 +756,7 @@ public class Request implements HttpServletRequest
|
||||
for (String c : metadata.getFields().getValuesList(HttpHeader.COOKIE))
|
||||
{
|
||||
if (_cookies == null)
|
||||
_cookies = new CookieCutter();
|
||||
_cookies = new CookieCutter(getHttpChannel().getHttpConfiguration().getCookieCompliance());
|
||||
_cookies.addCookieField(c);
|
||||
}
|
||||
|
||||
@ -2043,7 +2043,7 @@ public class Request implements HttpServletRequest
|
||||
public void setCookies(Cookie[] cookies)
|
||||
{
|
||||
if (_cookies == null)
|
||||
_cookies = new CookieCutter();
|
||||
_cookies = new CookieCutter(getHttpChannel().getHttpConfiguration().getCookieCompliance());
|
||||
_cookies.setCookies(cookies);
|
||||
}
|
||||
|
||||
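Review bot: The expression `getHttpChannel().getHttpConfiguration().getCookieCompliance()` is now repeated verbatim at both lazy-initialisation sites (the cookie-header loop and `setCookies`), so the two can drift apart; a small private helper that builds the `CookieCutter` would keep the compliance lookup in one place. `setCookies` previously did not touch the channel and now dereferences it, so if a `Request` can exist without a channel or configuration (not visible here, but plausible in unit tests) this becomes a `NullPointerException`; falling back to the no-arg constructor in that case may be warranted. Both enclosing methods extend outside the hunks.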
|
@ -23,14 +23,15 @@ import static org.junit.Assert.assertThat;
|
||||
|
||||
import javax.servlet.http.Cookie;
|
||||
|
||||
import org.eclipse.jetty.http.CookieCompliance;
|
||||
import org.junit.Ignore;
|
||||
import org.junit.Test;
|
||||
|
||||
public class CookieCutterTest
|
||||
{
|
||||
private Cookie[] parseCookieHeaders(String... headers)
|
||||
private Cookie[] parseCookieHeaders(CookieCompliance compliance,String... headers)
|
||||
{
|
||||
CookieCutter cutter = new CookieCutter();
|
||||
CookieCutter cutter = new CookieCutter(compliance);
|
||||
for (String header : headers)
|
||||
{
|
||||
cutter.addCookieField(header);
|
||||
@ -58,7 +59,7 @@ public class CookieCutterTest
|
||||
{
|
||||
String rawCookie = "$Version=\"1\"; Customer=\"WILE_E_COYOTE\"; $Path=\"/acme\"";
|
||||
|
||||
Cookie cookies[] = parseCookieHeaders(rawCookie);
|
||||
Cookie cookies[] = parseCookieHeaders(CookieCompliance.RFC2965,rawCookie);
|
||||
|
||||
assertThat("Cookies.length", cookies.length, is(1));
|
||||
assertCookie("Cookies[0]", cookies[0], "Customer", "WILE_E_COYOTE", 1, "/acme");
|
||||
@ -74,7 +75,7 @@ public class CookieCutterTest
|
||||
"Customer=\"WILE_E_COYOTE\"; $Path=\"/acme\"; " +
|
||||
"Part_Number=\"Rocket_Launcher_0001\"; $Path=\"/acme\"";
|
||||
|
||||
Cookie cookies[] = parseCookieHeaders(rawCookie);
|
||||
Cookie cookies[] = parseCookieHeaders(CookieCompliance.RFC2965,rawCookie);
|
||||
|
||||
assertThat("Cookies.length", cookies.length, is(2));
|
||||
assertCookie("Cookies[0]", cookies[0], "Customer", "WILE_E_COYOTE", 1, "/acme");
|
||||
@ -92,7 +93,7 @@ public class CookieCutterTest
|
||||
"Part_Number=\"Rocket_Launcher_0001\"; $Path=\"/acme\"; " +
|
||||
"Shipping=\"FedEx\"; $Path=\"/acme\"";
|
||||
|
||||
Cookie cookies[] = parseCookieHeaders(rawCookie);
|
||||
Cookie cookies[] = parseCookieHeaders(CookieCompliance.RFC2965,rawCookie);
|
||||
|
||||
assertThat("Cookies.length", cookies.length, is(3));
|
||||
assertCookie("Cookies[0]", cookies[0], "Customer", "WILE_E_COYOTE", 1, "/acme");
|
||||
@ -110,7 +111,7 @@ public class CookieCutterTest
|
||||
"Part_Number=\"Riding_Rocket_0023\"; $Path=\"/acme/ammo\"; " +
|
||||
"Part_Number=\"Rocket_Launcher_0001\"; $Path=\"/acme\"";
|
||||
|
||||
Cookie cookies[] = parseCookieHeaders(rawCookie);
|
||||
Cookie cookies[] = parseCookieHeaders(CookieCompliance.RFC2965,rawCookie);
|
||||
|
||||
assertThat("Cookies.length", cookies.length, is(2));
|
||||
assertCookie("Cookies[0]", cookies[0], "Part_Number", "Riding_Rocket_0023", 1, "/acme/ammo");
|
||||
@ -127,7 +128,7 @@ public class CookieCutterTest
|
||||
"session_id=\"1234\"; " +
|
||||
"session_id=\"1111\"; $Domain=\".cracker.edu\"";
|
||||
|
||||
Cookie cookies[] = parseCookieHeaders(rawCookie);
|
||||
Cookie cookies[] = parseCookieHeaders(CookieCompliance.RFC2965,rawCookie);
|
||||
|
||||
assertThat("Cookies.length", cookies.length, is(2));
|
||||
assertCookie("Cookies[0]", cookies[0], "session_id", "1234", 1, null);
|
||||
@ -144,7 +145,7 @@ public class CookieCutterTest
|
||||
String rawCookie = "$Version=\"1\"; session_id=\"1234\", " +
|
||||
"$Version=\"1\"; session_id=\"1111\"; $Domain=\".cracker.edu\"";
|
||||
|
||||
Cookie cookies[] = parseCookieHeaders(rawCookie);
|
||||
Cookie cookies[] = parseCookieHeaders(CookieCompliance.RFC6265,rawCookie);
|
||||
|
||||
assertThat("Cookies.length", cookies.length, is(2));
|
||||
assertCookie("Cookies[0]", cookies[0], "session_id", "1234", 1, null);
|
||||
@ -159,7 +160,7 @@ public class CookieCutterTest
|
||||
{
|
||||
String rawCookie = "SID=31d4d96e407aad42";
|
||||
|
||||
Cookie cookies[] = parseCookieHeaders(rawCookie);
|
||||
Cookie cookies[] = parseCookieHeaders(CookieCompliance.RFC6265,rawCookie);
|
||||
|
||||
assertThat("Cookies.length", cookies.length, is(1));
|
||||
assertCookie("Cookies[0]", cookies[0], "SID", "31d4d96e407aad42", 0, null);
|
||||
@ -173,7 +174,7 @@ public class CookieCutterTest
|
||||
{
|
||||
String rawCookie = "SID=31d4d96e407aad42; lang=en-US";
|
||||
|
||||
Cookie cookies[] = parseCookieHeaders(rawCookie);
|
||||
Cookie cookies[] = parseCookieHeaders(CookieCompliance.RFC6265,rawCookie);
|
||||
|
||||
assertThat("Cookies.length", cookies.length, is(2));
|
||||
assertCookie("Cookies[0]", cookies[0], "SID", "31d4d96e407aad42", 0, null);
|
||||
@ -188,9 +189,22 @@ public class CookieCutterTest
|
||||
{
|
||||
String rawCookie = "key=value";
|
||||
|
||||
Cookie cookies[] = parseCookieHeaders(rawCookie);
|
||||
Cookie cookies[] = parseCookieHeaders(CookieCompliance.RFC6265,rawCookie);
|
||||
|
||||
assertThat("Cookies.length", cookies.length, is(1));
|
||||
assertCookie("Cookies[0]", cookies[0], "key", "value", 0, null);
|
||||
}
|
||||
|
||||
/**
|
||||
* Basic name=value, following RFC6265 rules
|
||||
*/
|
||||
@Test
|
||||
public void testDollarName()
|
||||
{
|
||||
String rawCookie = "$key=value";
|
||||
|
||||
Cookie cookies[] = parseCookieHeaders(CookieCompliance.RFC6265,rawCookie);
|
||||
|
||||
assertThat("Cookies.length", cookies.length, is(0));
|
||||
}
|
||||
}
|
||||
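Review bot: `testDollarName` pins the new behaviour only for `CookieCompliance.RFC6265`, and its Javadoc still reads `Basic name=value, following RFC6265 rules`, copied from the test above it. Since the CookieCutter change also appears to drop unrecognised `$` names in the other mode, add the same input under `CookieCompliance.RFC2965`, plus a mixed header such as `$key=value; key=value` (constructed example) to show that the ordinary cookie still survives. The Javadoc could read `$-prefixed names are not cookies under RFC6265 and must be dropped`. The spoofing example near `@ -144,7 +145,7` is now parsed with `CookieCompliance.RFC6265` yet still asserts version `1`, which looks inconsistent with ignoring `$Version` unless that test is `@Ignore`d outside the visible lines.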
|
@ -58,6 +58,7 @@ import javax.servlet.http.HttpServletResponse;
|
||||
import javax.servlet.http.Part;
|
||||
|
||||
import org.eclipse.jetty.http.BadMessageException;
|
||||
import org.eclipse.jetty.http.CookieCompliance;
|
||||
import org.eclipse.jetty.http.HttpTester;
|
||||
import org.eclipse.jetty.http.MimeTypes;
|
||||
import org.eclipse.jetty.server.LocalConnector.LocalEndPoint;
|
||||
@ -1319,39 +1320,6 @@ public class RequestTest
|
||||
assertNotSame(cookies.get(0), cookies.get(2));
|
||||
assertNotSame(cookies.get(1), cookies.get(3));
|
||||
|
||||
cookies.clear();
|
||||
//NOTE: the javax.servlet.http.Cookie class sets the system property org.glassfish.web.rfc2109_cookie_names_enforced
|
||||
//to TRUE by default, and rejects all cookie names containing punctuation.Therefore this test cannot use "name2".
|
||||
response=_connector.getResponse(
|
||||
"POST / HTTP/1.1\r\n"+
|
||||
"Host: whatever\r\n"+
|
||||
"Cookie: name0=value0; name1 = value1 ; name2 = \"\\\"value2\\\"\" \n" +
|
||||
"Cookie: $Version=2; name3=value3=value3;$path=/path;$domain=acme.com;$port=8080; name4=\"\"; name5 = ; name6\n" +
|
||||
"Cookie: name7=value7;\n" +
|
||||
"Connection: close\r\n"+
|
||||
"\r\n");
|
||||
|
||||
assertEquals("name0", cookies.get(0).getName());
|
||||
assertEquals("value0", cookies.get(0).getValue());
|
||||
assertEquals("name1", cookies.get(1).getName());
|
||||
assertEquals("value1", cookies.get(1).getValue());
|
||||
assertEquals("name2", cookies.get(2).getName());
|
||||
assertEquals("\"value2\"", cookies.get(2).getValue());
|
||||
assertEquals("name3", cookies.get(3).getName());
|
||||
assertEquals("value3=value3", cookies.get(3).getValue());
|
||||
assertEquals(2, cookies.get(3).getVersion());
|
||||
assertEquals("/path", cookies.get(3).getPath());
|
||||
assertEquals("acme.com", cookies.get(3).getDomain());
|
||||
assertEquals("$port=8080", cookies.get(3).getComment());
|
||||
assertEquals("name4", cookies.get(4).getName());
|
||||
assertEquals("", cookies.get(4).getValue());
|
||||
assertEquals("name5", cookies.get(5).getName());
|
||||
assertEquals("", cookies.get(5).getValue());
|
||||
// assertEquals("name6", cookies.get(6).getName());
|
||||
// assertEquals("", cookies.get(6).getValue());
|
||||
assertEquals("name7", cookies.get(6).getName());
|
||||
assertEquals("value7", cookies.get(6).getValue());
|
||||
|
||||
cookies.clear();
|
||||
response=_connector.getResponse(
|
||||
"GET /other HTTP/1.1\n"+
|
||||
|