// Copyright (c) 2012 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #include #include "net/cookies/parsed_cookie.h" #include "testing/gtest/include/gtest/gtest.h" namespace net { namespace { class ParsedCookieTest : public testing::Test { }; } // namespace TEST(ParsedCookieTest, TestBasic) { ParsedCookie pc("a=b"); EXPECT_TRUE(pc.IsValid()); EXPECT_FALSE(pc.IsSecure()); EXPECT_EQ("a", pc.Name()); EXPECT_EQ("b", pc.Value()); } TEST(ParsedCookieTest, TestQuoted) { // These are some quoting cases which the major browsers all // handle differently. I've tested Internet Explorer 6, Opera 9.6, // Firefox 3, and Safari Windows 3.2.1. We originally tried to match // Firefox closely, however we now match Internet Explorer and Safari. const char* values[] = { // Trailing whitespace after a quoted value. The whitespace after // the quote is stripped in all browsers. "\"zzz \" ", "\"zzz \"", // Handling a quoted value with a ';', like FOO="zz;pp" ; // IE and Safari: "zz; // Firefox and Opera: "zz;pp" "\"zz;pp\" ;", "\"zz", // Handling a value with multiple quoted parts, like FOO="zzz " "ppp" ; // IE and Safari: "zzz " "ppp"; // Firefox: "zzz "; // Opera: "\"zzz \" \"ppp\" ", "\"zzz \" \"ppp\"", // A quote in a value that didn't start quoted. like FOO=A"B ; // IE, Safari, and Firefox: A"B; // Opera: "A\"B", "A\"B", }; for (size_t i = 0; i < arraysize(values); i += 2) { std::string input(values[i]); std::string expected(values[i + 1]); ParsedCookie pc("aBc=" + input + " ; path=\"/\" ; httponly "); EXPECT_TRUE(pc.IsValid()); EXPECT_FALSE(pc.IsSecure()); EXPECT_TRUE(pc.IsHttpOnly()); EXPECT_TRUE(pc.HasPath()); EXPECT_EQ("aBc", pc.Name()); EXPECT_EQ(expected, pc.Value()); // If a path was quoted, the path attribute keeps the quotes. This will // make the cookie effectively useless, but path parameters aren't supposed // to be quoted. Bug 1261605. EXPECT_EQ("\"/\"", pc.Path()); } } TEST(ParsedCookieTest, TestNameless) { ParsedCookie pc("BLAHHH; path=/; secure;"); EXPECT_TRUE(pc.IsValid()); EXPECT_TRUE(pc.IsSecure()); EXPECT_TRUE(pc.HasPath()); EXPECT_EQ("/", pc.Path()); EXPECT_EQ("", pc.Name()); EXPECT_EQ("BLAHHH", pc.Value()); } TEST(ParsedCookieTest, TestAttributeCase) { ParsedCookie pc("BLAHHH; Path=/; sECuRe; httpONLY"); EXPECT_TRUE(pc.IsValid()); EXPECT_TRUE(pc.IsSecure()); EXPECT_TRUE(pc.IsHttpOnly()); EXPECT_TRUE(pc.HasPath()); EXPECT_EQ("/", pc.Path()); EXPECT_EQ("", pc.Name()); EXPECT_EQ("BLAHHH", pc.Value()); EXPECT_EQ(3U, pc.NumberOfAttributes()); } TEST(ParsedCookieTest, TestDoubleQuotedNameless) { ParsedCookie pc("\"BLA\\\"HHH\"; path=/; secure;"); EXPECT_TRUE(pc.IsValid()); EXPECT_TRUE(pc.IsSecure()); EXPECT_TRUE(pc.HasPath()); EXPECT_EQ("/", pc.Path()); EXPECT_EQ("", pc.Name()); EXPECT_EQ("\"BLA\\\"HHH\"", pc.Value()); EXPECT_EQ(2U, pc.NumberOfAttributes()); } TEST(ParsedCookieTest, QuoteOffTheEnd) { ParsedCookie pc("a=\"B"); EXPECT_TRUE(pc.IsValid()); EXPECT_EQ("a", pc.Name()); EXPECT_EQ("\"B", pc.Value()); EXPECT_EQ(0U, pc.NumberOfAttributes()); } TEST(ParsedCookieTest, MissingName) { ParsedCookie pc("=ABC"); EXPECT_TRUE(pc.IsValid()); EXPECT_EQ("", pc.Name()); EXPECT_EQ("ABC", pc.Value()); EXPECT_EQ(0U, pc.NumberOfAttributes()); } TEST(ParsedCookieTest, MissingValue) { ParsedCookie pc("ABC=; path = /wee"); EXPECT_TRUE(pc.IsValid()); EXPECT_EQ("ABC", pc.Name()); EXPECT_EQ("", pc.Value()); EXPECT_TRUE(pc.HasPath()); EXPECT_EQ("/wee", pc.Path()); EXPECT_EQ(1U, pc.NumberOfAttributes()); } TEST(ParsedCookieTest, Whitespace) { ParsedCookie pc(" A = BC ;secure;;; httponly"); EXPECT_TRUE(pc.IsValid()); EXPECT_EQ("A", pc.Name()); EXPECT_EQ("BC", pc.Value()); EXPECT_FALSE(pc.HasPath()); EXPECT_FALSE(pc.HasDomain()); EXPECT_TRUE(pc.IsSecure()); EXPECT_TRUE(pc.IsHttpOnly()); // We parse anything between ; as attributes, so we end up with two // attributes with an empty string name and value. EXPECT_EQ(4U, pc.NumberOfAttributes()); } TEST(ParsedCookieTest, MultipleEquals) { ParsedCookie pc(" A=== BC ;secure;;; httponly"); EXPECT_TRUE(pc.IsValid()); EXPECT_EQ("A", pc.Name()); EXPECT_EQ("== BC", pc.Value()); EXPECT_FALSE(pc.HasPath()); EXPECT_FALSE(pc.HasDomain()); EXPECT_TRUE(pc.IsSecure()); EXPECT_TRUE(pc.IsHttpOnly()); EXPECT_EQ(4U, pc.NumberOfAttributes()); } TEST(ParsedCookieTest, MACKey) { ParsedCookie pc("foo=bar; MAC-Key=3900ac9anw9incvw9f"); EXPECT_TRUE(pc.IsValid()); EXPECT_EQ("foo", pc.Name()); EXPECT_EQ("bar", pc.Value()); EXPECT_EQ("3900ac9anw9incvw9f", pc.MACKey()); EXPECT_EQ(1U, pc.NumberOfAttributes()); } TEST(ParsedCookieTest, MACAlgorithm) { ParsedCookie pc("foo=bar; MAC-Algorithm=hmac-sha-1"); EXPECT_TRUE(pc.IsValid()); EXPECT_EQ("foo", pc.Name()); EXPECT_EQ("bar", pc.Value()); EXPECT_EQ("hmac-sha-1", pc.MACAlgorithm()); EXPECT_EQ(1U, pc.NumberOfAttributes()); } TEST(ParsedCookieTest, MACKeyAndMACAlgorithm) { ParsedCookie pc( "foo=bar; MAC-Key=voiae-09fj0302nfqf; MAC-Algorithm=hmac-sha-256"); EXPECT_TRUE(pc.IsValid()); EXPECT_EQ("foo", pc.Name()); EXPECT_EQ("bar", pc.Value()); EXPECT_EQ("voiae-09fj0302nfqf", pc.MACKey()); EXPECT_EQ("hmac-sha-256", pc.MACAlgorithm()); EXPECT_EQ(2U, pc.NumberOfAttributes()); } TEST(ParsedCookieTest, QuotedTrailingWhitespace) { ParsedCookie pc("ANCUUID=\"zohNumRKgI0oxyhSsV3Z7D\" ; " "expires=Sun, 18-Apr-2027 21:06:29 GMT ; " "path=/ ; "); EXPECT_TRUE(pc.IsValid()); EXPECT_EQ("ANCUUID", pc.Name()); // Stripping whitespace after the quotes matches all other major browsers. EXPECT_EQ("\"zohNumRKgI0oxyhSsV3Z7D\"", pc.Value()); EXPECT_TRUE(pc.HasExpires()); EXPECT_TRUE(pc.HasPath()); EXPECT_EQ("/", pc.Path()); EXPECT_EQ(2U, pc.NumberOfAttributes()); } TEST(ParsedCookieTest, TrailingWhitespace) { ParsedCookie pc("ANCUUID=zohNumRKgI0oxyhSsV3Z7D ; " "expires=Sun, 18-Apr-2027 21:06:29 GMT ; " "path=/ ; "); EXPECT_TRUE(pc.IsValid()); EXPECT_EQ("ANCUUID", pc.Name()); EXPECT_EQ("zohNumRKgI0oxyhSsV3Z7D", pc.Value()); EXPECT_TRUE(pc.HasExpires()); EXPECT_TRUE(pc.HasPath()); EXPECT_EQ("/", pc.Path()); EXPECT_EQ(2U, pc.NumberOfAttributes()); } TEST(ParsedCookieTest, TooManyPairs) { std::string blankpairs; blankpairs.resize(ParsedCookie::kMaxPairs - 1, ';'); ParsedCookie pc1(blankpairs + "secure"); EXPECT_TRUE(pc1.IsValid()); EXPECT_TRUE(pc1.IsSecure()); ParsedCookie pc2(blankpairs + ";secure"); EXPECT_TRUE(pc2.IsValid()); EXPECT_FALSE(pc2.IsSecure()); } // TODO(erikwright): some better test cases for invalid cookies. TEST(ParsedCookieTest, InvalidWhitespace) { ParsedCookie pc(" "); EXPECT_FALSE(pc.IsValid()); } TEST(ParsedCookieTest, InvalidTooLong) { std::string maxstr; maxstr.resize(ParsedCookie::kMaxCookieSize, 'a'); ParsedCookie pc1(maxstr); EXPECT_TRUE(pc1.IsValid()); ParsedCookie pc2(maxstr + "A"); EXPECT_FALSE(pc2.IsValid()); } TEST(ParsedCookieTest, InvalidEmpty) { ParsedCookie pc(""); EXPECT_FALSE(pc.IsValid()); } TEST(ParsedCookieTest, EmbeddedTerminator) { ParsedCookie pc1("AAA=BB\0ZYX"); ParsedCookie pc2("AAA=BB\rZYX"); ParsedCookie pc3("AAA=BB\nZYX"); EXPECT_TRUE(pc1.IsValid()); EXPECT_EQ("AAA", pc1.Name()); EXPECT_EQ("BB", pc1.Value()); EXPECT_TRUE(pc2.IsValid()); EXPECT_EQ("AAA", pc2.Name()); EXPECT_EQ("BB", pc2.Value()); EXPECT_TRUE(pc3.IsValid()); EXPECT_EQ("AAA", pc3.Name()); EXPECT_EQ("BB", pc3.Value()); } TEST(ParsedCookieTest, ParseTokensAndValues) { EXPECT_EQ("hello", ParsedCookie::ParseTokenString("hello\nworld")); EXPECT_EQ("fs!!@", ParsedCookie::ParseTokenString("fs!!@;helloworld")); EXPECT_EQ("hello world\tgood", ParsedCookie::ParseTokenString("hello world\tgood\rbye")); EXPECT_EQ("A", ParsedCookie::ParseTokenString("A=B=C;D=E")); EXPECT_EQ("hello", ParsedCookie::ParseValueString("hello\nworld")); EXPECT_EQ("fs!!@", ParsedCookie::ParseValueString("fs!!@;helloworld")); EXPECT_EQ("hello world\tgood", ParsedCookie::ParseValueString("hello world\tgood\rbye")); EXPECT_EQ("A=B=C", ParsedCookie::ParseValueString("A=B=C;D=E")); } TEST(ParsedCookieTest, SerializeCookieLine) { const char input[] = "ANCUUID=zohNumRKgI0oxyhSsV3Z7D ; " "expires=Sun, 18-Apr-2027 21:06:29 GMT ; " "path=/ ; "; const char output[] = "ANCUUID=zohNumRKgI0oxyhSsV3Z7D; " "expires=Sun, 18-Apr-2027 21:06:29 GMT; " "path=/"; ParsedCookie pc(input); EXPECT_EQ(output, pc.ToCookieLine()); } TEST(ParsedCookieTest, SetNameAndValue) { ParsedCookie empty(""); EXPECT_FALSE(empty.IsValid()); EXPECT_FALSE(empty.SetDomain("foobar.com")); EXPECT_TRUE(empty.SetName("name")); EXPECT_TRUE(empty.SetValue("value")); EXPECT_EQ("name=value", empty.ToCookieLine()); EXPECT_TRUE(empty.IsValid()); // We don't test // ParsedCookie invalid("@foo=bar"); // EXPECT_FALSE(invalid.IsValid()); // here because we are slightly more tolerant to invalid cookie names and // values that are set by webservers. We only enforce a correct name and // value if set via SetName() and SetValue(). ParsedCookie pc("name=value"); EXPECT_TRUE(pc.IsValid()); // Set invalid name / value. EXPECT_FALSE(pc.SetName("@foobar")); EXPECT_EQ("name=value", pc.ToCookieLine()); EXPECT_TRUE(pc.IsValid()); EXPECT_FALSE(pc.SetName("")); EXPECT_EQ("name=value", pc.ToCookieLine()); EXPECT_TRUE(pc.IsValid()); EXPECT_FALSE(pc.SetValue("foo bar")); EXPECT_EQ("name=value", pc.ToCookieLine()); EXPECT_TRUE(pc.IsValid()); EXPECT_FALSE(pc.SetValue("\"foobar")); EXPECT_EQ("name=value", pc.ToCookieLine()); EXPECT_TRUE(pc.IsValid()); // Set valid name / value EXPECT_TRUE(pc.SetName("test")); EXPECT_EQ("test=value", pc.ToCookieLine()); EXPECT_TRUE(pc.IsValid()); EXPECT_TRUE(pc.SetValue("\"foobar\"")); EXPECT_EQ("test=\"foobar\"", pc.ToCookieLine()); EXPECT_TRUE(pc.IsValid()); EXPECT_TRUE(pc.SetValue("")); EXPECT_EQ("test=", pc.ToCookieLine()); EXPECT_TRUE(pc.IsValid()); } TEST(ParsedCookieTest, SetAttributes) { ParsedCookie pc("name=value"); EXPECT_TRUE(pc.IsValid()); // Clear an unset attribute. EXPECT_TRUE(pc.SetDomain("")); EXPECT_FALSE(pc.HasDomain()); EXPECT_EQ("name=value", pc.ToCookieLine()); EXPECT_TRUE(pc.IsValid()); // Set a string containing an invalid character EXPECT_FALSE(pc.SetDomain("foo;bar")); EXPECT_FALSE(pc.HasDomain()); EXPECT_EQ("name=value", pc.ToCookieLine()); EXPECT_TRUE(pc.IsValid()); // Set all other attributes and check that they are appended in order. EXPECT_TRUE(pc.SetDomain("domain.com")); EXPECT_TRUE(pc.SetPath("/")); EXPECT_TRUE(pc.SetMACKey("mackey")); EXPECT_TRUE(pc.SetMACAlgorithm("\"macalgorithm\"")); EXPECT_TRUE(pc.SetExpires("Sun, 18-Apr-2027 21:06:29 GMT")); EXPECT_TRUE(pc.SetMaxAge("12345")); EXPECT_TRUE(pc.SetIsSecure(true)); EXPECT_TRUE(pc.SetIsHttpOnly(true)); EXPECT_EQ("name=value; domain=domain.com; path=/; mac-key=mackey; " "mac-algorithm=\"macalgorithm\"; " "expires=Sun, 18-Apr-2027 21:06:29 GMT; max-age=12345; secure; " "httponly", pc.ToCookieLine()); EXPECT_TRUE(pc.HasDomain()); EXPECT_TRUE(pc.HasPath()); EXPECT_TRUE(pc.HasMACKey()); EXPECT_TRUE(pc.HasMACAlgorithm()); EXPECT_TRUE(pc.HasExpires()); EXPECT_TRUE(pc.HasMaxAge()); EXPECT_TRUE(pc.IsSecure()); EXPECT_TRUE(pc.IsHttpOnly()); // Clear one attribute from the middle. EXPECT_TRUE(pc.SetMACAlgorithm("")); EXPECT_TRUE(pc.HasDomain()); EXPECT_TRUE(pc.HasPath()); EXPECT_TRUE(pc.HasMACKey()); EXPECT_FALSE(pc.HasMACAlgorithm()); EXPECT_TRUE(pc.HasExpires()); EXPECT_TRUE(pc.HasMaxAge()); EXPECT_TRUE(pc.IsSecure()); EXPECT_TRUE(pc.IsHttpOnly()); EXPECT_EQ("name=value; domain=domain.com; path=/; mac-key=mackey; " "expires=Sun, 18-Apr-2027 21:06:29 GMT; max-age=12345; secure; " "httponly", pc.ToCookieLine()); // Clear the rest and change the name and value. EXPECT_TRUE(pc.SetDomain("")); EXPECT_TRUE(pc.SetPath("")); EXPECT_TRUE(pc.SetMACKey("")); EXPECT_TRUE(pc.SetMACAlgorithm("")); EXPECT_TRUE(pc.SetExpires("")); EXPECT_TRUE(pc.SetMaxAge("")); EXPECT_TRUE(pc.SetIsSecure(false)); EXPECT_TRUE(pc.SetIsHttpOnly(false)); EXPECT_TRUE(pc.SetName("name2")); EXPECT_TRUE(pc.SetValue("value2")); EXPECT_FALSE(pc.HasDomain()); EXPECT_FALSE(pc.HasPath()); EXPECT_FALSE(pc.HasMACKey()); EXPECT_FALSE(pc.HasMACAlgorithm()); EXPECT_FALSE(pc.HasExpires()); EXPECT_FALSE(pc.HasMaxAge()); EXPECT_FALSE(pc.IsSecure()); EXPECT_FALSE(pc.IsHttpOnly()); EXPECT_EQ("name2=value2", pc.ToCookieLine()); } } // namespace net