From 208f04d63001e290ed022060f8afe01979988ffc Mon Sep 17 00:00:00 2001 From: "dwitte@stanford.edu" Date: Mon, 7 May 2007 04:40:23 -0700 Subject: [PATCH] unit test for new cookie path checks, per bug 373228. --- netwerk/test/TestCookie.cpp | 30 ++++++++++++++++++++++++++++-- 1 file changed, 28 insertions(+), 2 deletions(-) diff --git a/netwerk/test/TestCookie.cpp b/netwerk/test/TestCookie.cpp index 91b3fc188f5..3872574163d 100644 --- a/netwerk/test/TestCookie.cpp +++ b/netwerk/test/TestCookie.cpp @@ -282,7 +282,7 @@ main(PRInt32 argc, char *argv[]) * * the results of each individual testing operation from CheckResult() is * stored in an array of bools, which is then checked against the expected - * outcomes (all successes), by PrintResult()). the overall result of all + * outcomes (all successes), by PrintResult(). the overall result of all * tests to date is kept in |allTestsPassed|, for convenient display at the * end. * @@ -406,7 +406,33 @@ main(PRInt32 argc, char *argv[]) GetACookie(cookieService, "http://path.net/foo/", nsnull, getter_Copies(cookie)); rv[12] = CheckResult(cookie.get(), MUST_BE_NULL); - allTestsPassed = PrintResult(rv, 13) && allTestsPassed; + // bug 373228: make sure cookies with paths longer than 1024 bytes, + // and cookies with paths or names containing tabs, are rejected. + // the following cookie has a path > 1024 bytes explicitly specified in the cookie + SetACookie(cookieService, "http://path.net/", nsnull, "test=path; path=/1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890/", nsnull); + GetACookie(cookieService, "http://path.net/1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890", nsnull, getter_Copies(cookie)); + rv[13] = CheckResult(cookie.get(), MUST_BE_NULL); + // the following cookie has a path > 1024 bytes implicitly specified by the uri path + SetACookie(cookieService, "http://path.net/1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890/", nsnull, "test=path", nsnull); + GetACookie(cookieService, "http://path.net/1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890/", nsnull, getter_Copies(cookie)); + rv[14] = CheckResult(cookie.get(), MUST_BE_NULL); + // the following cookie includes a tab in the path + SetACookie(cookieService, "http://path.net/", nsnull, "test=path; path=/foo\tbar/", nsnull); + GetACookie(cookieService, "http://path.net/foo\tbar/", nsnull, getter_Copies(cookie)); + rv[15] = CheckResult(cookie.get(), MUST_BE_NULL); + // the following cookie includes a tab in the name + SetACookie(cookieService, "http://path.net/", nsnull, "test\ttabs=tab", nsnull); + GetACookie(cookieService, "http://path.net/", nsnull, getter_Copies(cookie)); + rv[16] = CheckResult(cookie.get(), MUST_BE_NULL); + // the following cookie includes a tab in the value - allowed + SetACookie(cookieService, "http://path.net/", nsnull, "test=tab\ttest", nsnull); + GetACookie(cookieService, "http://path.net/", nsnull, getter_Copies(cookie)); + rv[17] = CheckResult(cookie.get(), MUST_EQUAL, "test=tab\ttest"); + SetACookie(cookieService, "http://path.net/", nsnull, "test=tab\ttest; max-age=-1", nsnull); + GetACookie(cookieService, "http://path.net/", nsnull, getter_Copies(cookie)); + rv[18] = CheckResult(cookie.get(), MUST_BE_NULL); + + allTestsPassed = PrintResult(rv, 19) && allTestsPassed; // *** expiry & deletion tests