Issue #3924: Ignore cookies with invalid "version" field in cookielib.

Georg Brandl 2010-05-22 11:29:19 +00:00
parent f93ce0c1f5
commit 5d0ca2c832
3 changed files with 32 additions and 6 deletions


@ -434,6 +434,13 @@ def join_header_words(lists):
if attr: headers.append("; ".join(attr)) if attr: headers.append("; ".join(attr))
return ", ".join(headers) return ", ".join(headers)
def strip_quotes(text):
if text.startswith('"'):
text = text[1:]
if text.endswith('"'):
text = text[:-1]
return text
def parse_ns_headers(ns_headers): def parse_ns_headers(ns_headers):
"""Ad-hoc parser for Netscape protocol cookie-attributes. """Ad-hoc parser for Netscape protocol cookie-attributes.
@ -451,7 +458,7 @@ def parse_ns_headers(ns_headers):
""" """
known_attrs = ("expires", "domain", "path", "secure", known_attrs = ("expires", "domain", "path", "secure",
# RFC 2109 attrs (may turn up in Netscape cookies, too) # RFC 2109 attrs (may turn up in Netscape cookies, too)
"port", "max-age") "version", "port", "max-age")
result = [] result = []
for ns_header in ns_headers: for ns_header in ns_headers:
@ -471,12 +478,11 @@ def parse_ns_headers(ns_headers):
k = lc k = lc
if k == "version": if k == "version":
# This is an RFC 2109 cookie. # This is an RFC 2109 cookie.
v = strip_quotes(v)
version_set = True version_set = True
if k == "expires": if k == "expires":
# convert expires date to seconds since epoch # convert expires date to seconds since epoch
if v.startswith('"'): v = v[1:] v = http2time(strip_quotes(v)) # None if invalid
if v.endswith('"'): v = v[:-1]
v = http2time(v) # None if invalid
pairs.append((k, v)) pairs.append((k, v))
if pairs: if pairs:
@ -1450,7 +1456,11 @@ class CookieJar:
# set the easy defaults # set the easy defaults
version = standard.get("version", None) version = standard.get("version", None)
if version is not None: version = int(version) if version is not None:
try:
version = int(version)
except ValueError:
return None # invalid version, ignore cookie
secure = standard.get("secure", False) secure = standard.get("secure", False)
# (discard is also set if expires is Absent) # (discard is also set if expires is Absent)
discard = standard.get("discard", False) discard = standard.get("discard", False)
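Review bot: In the `version` branch of parse_ns_headers, `v = strip_quotes(v)` runs without checking that a value is present, and strip_quotes calls `text.startswith` unconditionally. The line that assigns `v` is outside the visible hunks, so this is inferred, but if a bare attribute such as `version` with no `=` yields `v = None`, a server-supplied header would raise AttributeError instead of being ignored, which works against the purpose of this commit. The `expires` branch has the same shape, as the old code did. I would guard both, e.g. `if v is not None: v = strip_quotes(v)`, or have strip_quotes return non-string input unchanged.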


@ -99,7 +99,8 @@ class DateTimeTests(TestCase):
class HeaderTests(TestCase): class HeaderTests(TestCase):
def test_parse_ns_headers(self):
def test_parse_ns_headers_expires(self):
from cookielib import parse_ns_headers from cookielib import parse_ns_headers
# quotes should be stripped # quotes should be stripped
@ -110,6 +111,17 @@ class HeaderTests(TestCase):
]: ]:
self.assertEquals(parse_ns_headers([hdr]), expected) self.assertEquals(parse_ns_headers([hdr]), expected)
def test_parse_ns_headers_version(self):
from cookielib import parse_ns_headers
# quotes should be stripped
expected = [[('foo', 'bar'), ('version', '1')]]
for hdr in [
'foo=bar; version="1"',
'foo=bar; Version="1"',
]:
self.assertEquals(parse_ns_headers([hdr]), expected)
def test_parse_ns_headers_special_names(self): def test_parse_ns_headers_special_names(self):
# names such as 'expires' are not special in first name=value pair # names such as 'expires' are not special in first name=value pair
# of Set-Cookie: header # of Set-Cookie: header
@ -1091,6 +1103,8 @@ class CookieTests(TestCase):
["Set-Cookie2: a=foo; path=/; Version=1; domain"], ["Set-Cookie2: a=foo; path=/; Version=1; domain"],
# bad max-age # bad max-age
["Set-Cookie: b=foo; max-age=oops"], ["Set-Cookie: b=foo; max-age=oops"],
# bad version
["Set-Cookie: b=foo; version=spam"],
]: ]:
c = cookiejar_from_cookie_headers(headers) c = cookiejar_from_cookie_headers(headers)
# these bad cookies shouldn't be set # these bad cookies shouldn't be set
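Review bot: test_parse_ns_headers_version feeds only well-formed quoted values, so the untidy inputs the new code path must tolerate are not pinned. strip_quotes removes a leading and a trailing quote independently, so I would add a one-sided case such as `'foo=bar; version="1'` to the header list to record that behaviour, and, if the parser accepts attributes without a value (not visible here), a bare `'foo=bar; version'` case as well. In CookieTests the bad-version entry covers only `Set-Cookie`; a `Set-Cookie2` entry with a non-numeric version would presumably exercise the same `int()` guard on the other header path. Both test methods continue outside the hunks shown.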


@ -29,6 +29,8 @@ C-API
Library Library
------- -------
- Issue #3924: Ignore cookies with invalid "version" field in cookielib.
- Issue #6268: Fix seek() method of codecs.open(), don't read the BOM twice - Issue #6268: Fix seek() method of codecs.open(), don't read the BOM twice
after seek(0) after seek(0)