author | Peter Hartmann <peter.hartmann@nokia.com> | 2010-11-19 14:24:35 (GMT) |
---|---|---|
committer | Peter Hartmann <peter.hartmann@nokia.com> | 2011-01-05 15:19:49 (GMT) |
commit | 0c07af230d016aab6e416ae57594189ab9953101 (patch) | |
tree | 8c43ecdf2c622a8f5a9a6ee5bb96a36b9c90e3c5 /tests/auto | |
parent | 4836d809f5dc3fc9e978ef630c0e5c8847c171a7 (diff) | |
cookie jar code: enhance security by keeping track of effective TLDs
The problem was the following: According to the cookie RFC, domains must
have at least one dot in their name for setting a cookie (e.g. domain
example.com can set a cookie for ".example.com" but not for ".com").
However, following this rule alone, one could still set "supercookies"
for e.g. ".co.uk".
The solution is to generate a table from
http://publicsuffix.org which maintains a list of all "effective" TLDs
like e.g. ".co.uk".
Reviewed-by: Olivier Goffart
Task-number: QTBUG-14706
Diffstat (limited to 'tests/auto')
-rw-r--r-- | tests/auto/qnetworkcookiejar/tst_qnetworkcookiejar.cpp | 104 |
1 files changed, 104 insertions, 0 deletions
diff --git a/tests/auto/qnetworkcookiejar/tst_qnetworkcookiejar.cpp b/tests/auto/qnetworkcookiejar/tst_qnetworkcookiejar.cpp index 01b9c0c..6548158 100644 --- a/tests/auto/qnetworkcookiejar/tst_qnetworkcookiejar.cpp +++ b/tests/auto/qnetworkcookiejar/tst_qnetworkcookiejar.cpp @@ -42,6 +42,7 @@ #include <QtTest/QtTest> #include <QtNetwork/QNetworkCookieJar> +#include "private/qnetworkcookiejar_p.h" class tst_QNetworkCookieJar: public QObject { @@ -53,6 +54,8 @@ private slots: void setCookiesFromUrl(); void cookiesForUrl_data(); void cookiesForUrl(); + void effectiveTLDs_data(); + void effectiveTLDs(); }; QT_BEGIN_NAMESPACE 
@@ -174,6 +177,31 @@ void tst_QNetworkCookieJar::setCookiesFromUrl_data() result += cookie; QTest::newRow("security-path-1") << preset << cookie << "http://www.foo.tld" << result << true; + // check effective TLDs + // 1. co.uk is an effective TLD, should be denied + result.clear(); + preset.clear(); + cookie.setPath("/"); + cookie.setDomain(".co.uk"); + QTest::newRow("effective-tld1-denied") << preset << cookie << "http://something.co.uk" << result << false; + cookie.setDomain("co.uk"); + QTest::newRow("effective-tld1-denied2") << preset << cookie << "http://something.co.uk" << result << false; + cookie.setDomain(".something.co.uk"); + result += cookie; + QTest::newRow("effective-tld1-accepted") << preset << cookie << "http://something.co.uk" << result << true; + + // 2. anything .ar is an effective TLD ('*.ar'), but 'gobiernoelectronico.ar' is an exception + result.clear(); + preset.clear(); + cookie.setDomain(".farmacia.ar"); + QTest::newRow("effective-tld2-denied") << preset << cookie << "http://farmacia.ar" << result << false; + QTest::newRow("effective-tld2-denied2") << preset << cookie << "http://www.farmacia.ar" << result << false; + QTest::newRow("effective-tld2-denied3") << preset << cookie << "http://www.anything.farmacia.ar" << result << false; + cookie.setDomain(".gobiernoelectronico.ar"); + result += cookie; + QTest::newRow("effective-tld2-accepted") << preset << cookie << "http://www.gobiernoelectronico.ar" << result << true; + + // setting the defaults: finalCookie = cookie; finalCookie.setPath("/something/"); 
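Review bot: The new rows reuse the function-wide `cookie`, `preset` and `result` objects and leave them modified: after `effective-tld2-accepted`, `cookie` has path `/` and domain `.gobiernoelectronico.ar`, and `result` still holds that cookie when the following `finalCookie = cookie;` runs. Whether the "setting the defaults" rows overwrite every one of those fields is outside the hunk, so the expected values of later rows may now depend on this block. Building the effective-TLD rows from a local copy, e.g. `QNetworkCookie tldCookie = cookie;`, would keep the two groups independent. setCookiesFromUrl_data() starts before the hunk and continues after it.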
@@ -334,6 +362,82 @@ void tst_QNetworkCookieJar::cookiesForUrl() QCOMPARE(result, expectedResult); } +void tst_QNetworkCookieJar::effectiveTLDs_data() +{ + QTest::addColumn<QString>("domain"); + QTest::addColumn<bool>("isTLD"); + + QTest::newRow("yes1") << "com" << true; + QTest::newRow("yes2") << "de" << true; + QTest::newRow("yes3") << "ulm.museum" << true; + QTest::newRow("yes4") << "krodsherad.no" << true; + QTest::newRow("yes5") << "1.bg" << true; + QTest::newRow("yes6") << "com.cn" << true; + QTest::newRow("yes7") << "org.ws" << true; + QTest::newRow("yes8") << "co.uk" << true; + QTest::newRow("yes9") << "wallonie.museum" << true; + + QTest::newRow("no1") << "anything.com" << false; + QTest::newRow("no2") << "anything.de" << false; + QTest::newRow("no3") << "eselsberg.ulm.museum" << false; + QTest::newRow("no4") << "noe.krodsherad.no" << false; + QTest::newRow("no5") << "2.1.bg" << false; + QTest::newRow("no6") << "foo.com.cn" << false; + QTest::newRow("no7") << "something.org.ws" << false; + QTest::newRow("no8") << "teatime.co.uk" << false; + QTest::newRow("no9") << "bla" << false; + QTest::newRow("no10") << "bla.bla" << false; + + const ushort s1[] = {0x74, 0x72, 0x61, 0x6e, 0xf8, 0x79, 0x2e, 0x6e, 0x6f, 0x00}; // xn--trany-yua.no + const ushort s2[] = {0x5d9, 0x5e8, 0x5d5, 0x5e9, 0x5dc, 0x5d9, 0x5dd, 0x2e, 0x6d, 0x75, 0x73, 0x65, 0x75, 0x6d, 0x00}; // xn--9dbhblg6di.museum + const ushort s3[] = {0x7ec4, 0x7e54, 0x2e, 0x68, 0x6b, 0x00}; // xn--mk0axi.hk + const ushort s4[] = {0x7f51, 0x7edc, 0x2e, 0x63, 0x6e, 0x00}; // xn--io0a7i.cn + const ushort s5[] = {0x72, 0xe1, 0x68, 0x6b, 0x6b, 0x65, 0x72, 0xe1, 0x76, 0x6a, 0x75, 0x2e, 0x6e, 0x6f, 0x00}; // xn--rhkkervju-01af.no + const ushort s6[] = {0xb9a, 0xbbf, 0xb99, 0xbcd, 0xb95, 0xbaa, 0xbcd, 0xbaa, 0xbc2, 0xbb0, 0xbcd, 0x00}; // xn--clchc0ea0b2g2a9gcd + const ushort s7[] = {0x627, 0x644, 0x627, 0x631, 0x62f, 0x646, 0x00}; // xn--mgbayh7gpa + const ushort s8[] = {0x63, 0x6f, 0x72, 0x72, 0x65, 0x69, 0x6f, 0x73, 
0x2d, 0x65, 0x2d, 0x74, 0x65, 0x6c, 0x65, + 0x63, 0x6f, 0x6d, 0x75, 0x6e, 0x69, 0x63, 0x61, 0xe7, 0xf5, 0x65, 0x73, 0x2e, 0x6d, 0x75, + 0x73, 0x65, 0x75, 0x6d, 0x00}; // xn--correios-e-telecomunicaes-ghc29a.museum + QTest::newRow("yes-specialchars1") << QString::fromUtf16(s1) << true; + QTest::newRow("yes-specialchars2") << QString::fromUtf16(s2) << true; + QTest::newRow("yes-specialchars3") << QString::fromUtf16(s3) << true; + QTest::newRow("yes-specialchars4") << QString::fromUtf16(s4) << true; + QTest::newRow("yes-specialchars5") << QString::fromUtf16(s5) << true; + QTest::newRow("yes-specialchars6") << QString::fromUtf16(s6) << true; + QTest::newRow("yes-specialchars7") << QString::fromUtf16(s7) << true; + QTest::newRow("yes-specialchars8") << QString::fromUtf16(s8) << true; + + QTest::newRow("no-specialchars1") << QString::fromUtf16(s1).prepend("something") << false; + QTest::newRow("no-specialchars2") << QString::fromUtf16(s2).prepend(QString::fromUtf16(s2)) << false; + QTest::newRow("no-specialchars2.5") << QString::fromUtf16(s2).prepend("whatever") << false; + QTest::newRow("no-specialchars3") << QString::fromUtf16(s3).prepend("foo") << false; + QTest::newRow("no-specialchars4") << QString::fromUtf16(s4).prepend("bar") << false; + QTest::newRow("no-specialchars5") << QString::fromUtf16(s5).prepend(QString::fromUtf16(s2)) << false; + QTest::newRow("no-specialchars6") << QString::fromUtf16(s6).prepend(QLatin1Char('.') + QString::fromUtf16(s6)) << false; + QTest::newRow("no-specialchars7") << QString::fromUtf16(s7).prepend("bla") << false; + QTest::newRow("no-specialchars8") << QString::fromUtf16(s8).append("foo") << false; + + QTest::newRow("exception1") << "pref.iwate.jp" << false; + QTest::newRow("exception2") << "omanpost.om" << false; + QTest::newRow("exception3") << "omantel.om" << false; + QTest::newRow("exception4") << "gobiernoelectronico.ar" << false; + QTest::newRow("exception5") << "pref.ishikawa.jp" << false; + + QTest::newRow("yes-wildcard1") << 
"*.jm" << true; + QTest::newRow("yes-wildcard1.5") << "anything.jm" << true; + QTest::newRow("yes-wildcard2") << "something.kh" << true; + QTest::newRow("yes-wildcard3") << "whatever.uk" << true; + QTest::newRow("yes-wildcard4") << "anything.shizuoka.jp" << true; + QTest::newRow("yes-wildcard5") << "foo.sch.uk" << true; +} + +void tst_QNetworkCookieJar::effectiveTLDs() +{ + QFETCH(QString, domain); + QFETCH(bool, isTLD); + QCOMPARE(QNetworkCookieJarPrivate::isEffectiveTLD(domain), isTLD); +} + QTEST_MAIN(tst_QNetworkCookieJar) #include "tst_qnetworkcookiejar.moc" |
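Review bot: Most of the `no-specialchars` rows in effectiveTLDs_data() do not test a host below the internationalised suffix, because rows 1 to 5 and 7 prepend text with no separating dot (`prepend("something")`, `prepend("foo")`, `prepend("bla")`) and `no-specialchars8` appends `"foo"` after `museum`; only `no-specialchars6` inserts `QLatin1Char('.')`. Those rows presumably return false simply because the altered name is not in the table, which says little about the case the cookie check relies on: a name one label below an IDN effective TLD. Writing them as `QString::fromUtf16(s1).prepend("something.")`, and likewise for the others, would cover that case. The comments give the ACE form of each name, but no row passes an `xn--` string or an upper-case name such as `"CO.UK"`, so the normalisation `isEffectiveTLD` expects from its caller is not pinned down either.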