diff --git a/jetty-server/src/test/java/org/eclipse/jetty/server/CookieCutterTest.java b/jetty-server/src/test/java/org/eclipse/jetty/server/CookieCutterTest.java index e1303d8d80a..21e2db965d6 100644 --- a/jetty-server/src/test/java/org/eclipse/jetty/server/CookieCutterTest.java +++ b/jetty-server/src/test/java/org/eclipse/jetty/server/CookieCutterTest.java @@ -138,10 +138,9 @@ public class CookieCutterTest * Example from RFC2965 */ @Test - @Ignore + @Ignore("comma separation no longer supported by RFC6265") public void testRFC2965_CookieSpoofingExample() { - // Ignored because comma separation no longer supported by RFC6265 String rawCookie = "$Version=\"1\"; session_id=\"1234\", " + "$Version=\"1\"; session_id=\"1111\"; $Domain=\".cracker.edu\""; @@ -182,7 +181,7 @@ public class CookieCutterTest } /** - * Basic key=value, following RFC6265 rules + * Basic name=value, following RFC6265 rules */ @Test public void testKeyValue() @@ -194,4 +193,21 @@ public class CookieCutterTest assertThat("Cookies.length", cookies.length, is(1)); assertCookie("Cookies[0]", cookies[0], "key", "value", 0, null); } + + /** + * Multiple name=value, heavy abuse, badly terminated quotes, lenient behavior test + */ + @Test + public void testMultiName_BadQuoteTerminate() + { + // TODO: this seems very hokey, and allowing this as 3 separate entries is probably a security issue. + String rawCookie = "a=\"b; $Path=/a; c=d; $PATH=/c; e=f\"; $Path=/e/"; + + Cookie cookies[] = parseCookieHeaders(rawCookie); + + assertThat("Cookies.length", cookies.length, is(3)); + assertCookie("Cookies[0]", cookies[0], "a", "\"b", 0, "/a"); + assertCookie("Cookies[1]", cookies[1], "c", "d", 0, "/c"); + assertCookie("Cookies[2]", cookies[2], "e", "f\"", 0, "/e/"); + } } diff --git a/jetty-server/src/test/java/org/eclipse/jetty/server/CookieCutter_LenientTest.java b/jetty-server/src/test/java/org/eclipse/jetty/server/CookieCutter_LenientTest.java index ece684758e8..4eb0f7d29a8 100644 
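Review bot: testMultiName_BadQuoteTerminate asserts the exact behaviour its own TODO calls a probable security issue — a single cookie whose quoted value is never closed (`a="b; $Path=/a; c=d; $PATH=/c; e=f"; $Path=/e/`) is expected to yield three cookies with their own `$Path` attributes, which suggests that one attacker-influenced cookie value could smuggle further name/value pairs into the request, the same cookie-spoofing class the `@Ignore`d RFC2965 test in this file refers to. Pinning `cookies.length, is(3)` turns that hazard into a green test that the next maintainer will read as a blessing, and a bare `// TODO` comment is easy to lose. If the lenient split is kept on purpose, the Javadoc should say so explicitly, e.g. `* Documents CURRENT lenient behaviour, not desired behaviour: an unmatched quote lets the rest of the header be parsed as further cookies and attributes.`, and the TODO should reference a tracked issue. Otherwise the stricter expectation (a single cookie `a`, with the unmatched quote not acting as a separator) should be decided and asserted here instead, consistent with the unterminated-quote cases added to CookieCutter_LenientTest in the same change.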
--- a/jetty-server/src/test/java/org/eclipse/jetty/server/CookieCutter_LenientTest.java +++ b/jetty-server/src/test/java/org/eclipse/jetty/server/CookieCutter_LenientTest.java @@ -76,7 +76,7 @@ public class CookieCutter_LenientTest ret.add(new String[]{"some-thing-else=to-parse", "some-thing-else", "to-parse"}); // RFC2109 - names with attr/token syntax starting with '$' (and not a cookie reserved word) // See https://tools.ietf.org/html/draft-ietf-httpbis-cookie-prefixes-00#section-5.2 - // Cannot pass names through as Cookie class does not allow them + // Cannot pass names through as javax.servlet.http.Cookie class does not allow them ret.add(new String[]{"$foo=bar", null, null}); // Tests that conform to RFC6265 
@@ -94,12 +94,34 @@ public class CookieCutter_LenientTest ret.add(new String[]{"query=\"?b=c\"&\"d=e\"", "query", "?b=c\"&\"d=e"}); // Escaped quotes ret.add(new String[]{"foo=\"bar\\\"=\\\"baz\"", "foo", "bar\"=\"baz"}); + + // Unterminated Quotes + ret.add(new String[]{"x=\"abc", "x", "\"abc"}); + // Unterminated Quotes with valid cookie params after it + ret.add(new String[]{"x=\"abc $Path=/", "x", "\"abc"}); // UTF-8 values ret.add(new String[]{"2sides=\u262F", "2sides", "\u262f"}); // 2 byte ret.add(new String[]{"currency=\"\u20AC\"", "currency", "\u20AC"}); // 3 byte ret.add(new String[]{"gothic=\"\uD800\uDF48\"", "gothic", "\uD800\uDF48"}); // 4 byte + // Spaces + ret.add(new String[]{"foo=bar baz", "foo", "bar baz"}); + ret.add(new String[]{"foo=\"bar baz\"", "foo", "bar baz"}); + ret.add(new String[]{"z=a b c d e f g", "z", "a b c d e f g"}); + + // Bad tspecials usage + ret.add(new String[]{"foo=bar;baz", "foo", "bar;baz"}); // TODO: not sure supporting this is sane + ret.add(new String[]{"foo=\"bar;baz\"", "foo", "bar;baz"}); + ret.add(new String[]{"z=a;b,c:d;e/f[g]", "z", "a;b,c:d;e/f[g]"}); + ret.add(new String[]{"z=\"a;b,c:d;e/f[g]\"", "z", "a;b,c:d;e/f[g]"}); + + // Quoted with other Cookie keywords + ret.add(new String[]{"x=\"$Version=0\"", "x", "$Version=0"}); + ret.add(new String[]{"x=\"$Path=/\"", "x", "$Path=/"}); + ret.add(new String[]{"x=\"$Path=/ $Domain=.foo.com\"", "x", "$Path=/ $Domain=.foo.com"}); + ret.add(new String[]{"x=\" $Path=/ $Domain=.foo.com \"", "x", " $Path=/ $Domain=.foo.com "}); + // Lots of equals signs ret.add(new String[]{"query=b=c&d=e", "query", "b=c&d=e"});