summaryrefslogtreecommitdiffstats
path: root/tests/auto
diff options
context:
space:
mode:
authorPeter Hartmann <peter.hartmann@nokia.com>2010-11-19 14:24:35 (GMT)
committerPeter Hartmann <peter.hartmann@nokia.com>2011-01-05 15:19:49 (GMT)
commit0c07af230d016aab6e416ae57594189ab9953101 (patch)
tree8c43ecdf2c622a8f5a9a6ee5bb96a36b9c90e3c5 /tests/auto
parent4836d809f5dc3fc9e978ef630c0e5c8847c171a7 (diff)
downloadQt-0c07af230d016aab6e416ae57594189ab9953101.zip
Qt-0c07af230d016aab6e416ae57594189ab9953101.tar.gz
Qt-0c07af230d016aab6e416ae57594189ab9953101.tar.bz2
cookie jar code: enhance security by keeping track of effective TLDs
The problem was the following: According to the cookie RFC, domains must have at least one dot in their name for setting a cookie (e.g. domain example.com can set a cookie for ".example.com" but not for ".com"). The problem is: Following this rule, one could still set "supercookies" for e.g. ".co.uk". The solution is to generate a table from http://publicsuffix.org which maintains a list of all "effective" TLDs like e.g. ".co.uk". Reviewed-by: Olivier Goffart Task-number: QTBUG-14706
Diffstat (limited to 'tests/auto')
-rw-r--r--tests/auto/qnetworkcookiejar/tst_qnetworkcookiejar.cpp104
1 files changed, 104 insertions, 0 deletions
diff --git a/tests/auto/qnetworkcookiejar/tst_qnetworkcookiejar.cpp b/tests/auto/qnetworkcookiejar/tst_qnetworkcookiejar.cpp
index 01b9c0c..6548158 100644
--- a/tests/auto/qnetworkcookiejar/tst_qnetworkcookiejar.cpp
+++ b/tests/auto/qnetworkcookiejar/tst_qnetworkcookiejar.cpp
@@ -42,6 +42,7 @@
#include <QtTest/QtTest>
#include <QtNetwork/QNetworkCookieJar>
+#include "private/qnetworkcookiejar_p.h"
class tst_QNetworkCookieJar: public QObject
{
@@ -53,6 +54,8 @@ private slots:
void setCookiesFromUrl();
void cookiesForUrl_data();
void cookiesForUrl();
+ void effectiveTLDs_data();
+ void effectiveTLDs();
};
QT_BEGIN_NAMESPACE
@@ -174,6 +177,31 @@ void tst_QNetworkCookieJar::setCookiesFromUrl_data()
result += cookie;
QTest::newRow("security-path-1") << preset << cookie << "http://www.foo.tld" << result << true;
+ // check effective TLDs
+ // 1. co.uk is an effective TLD, should be denied
+ result.clear();
+ preset.clear();
+ cookie.setPath("/");
+ cookie.setDomain(".co.uk");
+ QTest::newRow("effective-tld1-denied") << preset << cookie << "http://something.co.uk" << result << false;
+ cookie.setDomain("co.uk");
+ QTest::newRow("effective-tld1-denied2") << preset << cookie << "http://something.co.uk" << result << false;
+ cookie.setDomain(".something.co.uk");
+ result += cookie;
+ QTest::newRow("effective-tld1-accepted") << preset << cookie << "http://something.co.uk" << result << true;
+
+ // 2. anything .ar is an effective TLD ('*.ar'), but 'gobiernoelectronico.ar' is an exception
+ result.clear();
+ preset.clear();
+ cookie.setDomain(".farmacia.ar");
+ QTest::newRow("effective-tld2-denied") << preset << cookie << "http://farmacia.ar" << result << false;
+ QTest::newRow("effective-tld2-denied2") << preset << cookie << "http://www.farmacia.ar" << result << false;
+ QTest::newRow("effective-tld2-denied3") << preset << cookie << "http://www.anything.farmacia.ar" << result << false;
+ cookie.setDomain(".gobiernoelectronico.ar");
+ result += cookie;
+ QTest::newRow("effective-tld2-accepted") << preset << cookie << "http://www.gobiernoelectronico.ar" << result << true;
+
+
// setting the defaults:
finalCookie = cookie;
finalCookie.setPath("/something/");
@@ -334,6 +362,82 @@ void tst_QNetworkCookieJar::cookiesForUrl()
QCOMPARE(result, expectedResult);
}
+void tst_QNetworkCookieJar::effectiveTLDs_data()
+{
+ QTest::addColumn<QString>("domain");
+ QTest::addColumn<bool>("isTLD");
+
+ QTest::newRow("yes1") << "com" << true;
+ QTest::newRow("yes2") << "de" << true;
+ QTest::newRow("yes3") << "ulm.museum" << true;
+ QTest::newRow("yes4") << "krodsherad.no" << true;
+ QTest::newRow("yes5") << "1.bg" << true;
+ QTest::newRow("yes6") << "com.cn" << true;
+ QTest::newRow("yes7") << "org.ws" << true;
+ QTest::newRow("yes8") << "co.uk" << true;
+ QTest::newRow("yes9") << "wallonie.museum" << true;
+
+ QTest::newRow("no1") << "anything.com" << false;
+ QTest::newRow("no2") << "anything.de" << false;
+ QTest::newRow("no3") << "eselsberg.ulm.museum" << false;
+ QTest::newRow("no4") << "noe.krodsherad.no" << false;
+ QTest::newRow("no5") << "2.1.bg" << false;
+ QTest::newRow("no6") << "foo.com.cn" << false;
+ QTest::newRow("no7") << "something.org.ws" << false;
+ QTest::newRow("no8") << "teatime.co.uk" << false;
+ QTest::newRow("no9") << "bla" << false;
+ QTest::newRow("no10") << "bla.bla" << false;
+
+ const ushort s1[] = {0x74, 0x72, 0x61, 0x6e, 0xf8, 0x79, 0x2e, 0x6e, 0x6f, 0x00}; // xn--trany-yua.no
+ const ushort s2[] = {0x5d9, 0x5e8, 0x5d5, 0x5e9, 0x5dc, 0x5d9, 0x5dd, 0x2e, 0x6d, 0x75, 0x73, 0x65, 0x75, 0x6d, 0x00}; // xn--9dbhblg6di.museum
+ const ushort s3[] = {0x7ec4, 0x7e54, 0x2e, 0x68, 0x6b, 0x00}; // xn--mk0axi.hk
+ const ushort s4[] = {0x7f51, 0x7edc, 0x2e, 0x63, 0x6e, 0x00}; // xn--io0a7i.cn
+ const ushort s5[] = {0x72, 0xe1, 0x68, 0x6b, 0x6b, 0x65, 0x72, 0xe1, 0x76, 0x6a, 0x75, 0x2e, 0x6e, 0x6f, 0x00}; // xn--rhkkervju-01af.no
+ const ushort s6[] = {0xb9a, 0xbbf, 0xb99, 0xbcd, 0xb95, 0xbaa, 0xbcd, 0xbaa, 0xbc2, 0xbb0, 0xbcd, 0x00}; // xn--clchc0ea0b2g2a9gcd
+ const ushort s7[] = {0x627, 0x644, 0x627, 0x631, 0x62f, 0x646, 0x00}; // xn--mgbayh7gpa
+ const ushort s8[] = {0x63, 0x6f, 0x72, 0x72, 0x65, 0x69, 0x6f, 0x73, 0x2d, 0x65, 0x2d, 0x74, 0x65, 0x6c, 0x65,
+ 0x63, 0x6f, 0x6d, 0x75, 0x6e, 0x69, 0x63, 0x61, 0xe7, 0xf5, 0x65, 0x73, 0x2e, 0x6d, 0x75,
+ 0x73, 0x65, 0x75, 0x6d, 0x00}; // xn--correios-e-telecomunicaes-ghc29a.museum
+ QTest::newRow("yes-specialchars1") << QString::fromUtf16(s1) << true;
+ QTest::newRow("yes-specialchars2") << QString::fromUtf16(s2) << true;
+ QTest::newRow("yes-specialchars3") << QString::fromUtf16(s3) << true;
+ QTest::newRow("yes-specialchars4") << QString::fromUtf16(s4) << true;
+ QTest::newRow("yes-specialchars5") << QString::fromUtf16(s5) << true;
+ QTest::newRow("yes-specialchars6") << QString::fromUtf16(s6) << true;
+ QTest::newRow("yes-specialchars7") << QString::fromUtf16(s7) << true;
+ QTest::newRow("yes-specialchars8") << QString::fromUtf16(s8) << true;
+
+ QTest::newRow("no-specialchars1") << QString::fromUtf16(s1).prepend("something") << false;
+ QTest::newRow("no-specialchars2") << QString::fromUtf16(s2).prepend(QString::fromUtf16(s2)) << false;
+ QTest::newRow("no-specialchars2.5") << QString::fromUtf16(s2).prepend("whatever") << false;
+ QTest::newRow("no-specialchars3") << QString::fromUtf16(s3).prepend("foo") << false;
+ QTest::newRow("no-specialchars4") << QString::fromUtf16(s4).prepend("bar") << false;
+ QTest::newRow("no-specialchars5") << QString::fromUtf16(s5).prepend(QString::fromUtf16(s2)) << false;
+ QTest::newRow("no-specialchars6") << QString::fromUtf16(s6).prepend(QLatin1Char('.') + QString::fromUtf16(s6)) << false;
+ QTest::newRow("no-specialchars7") << QString::fromUtf16(s7).prepend("bla") << false;
+ QTest::newRow("no-specialchars8") << QString::fromUtf16(s8).append("foo") << false;
+
+ QTest::newRow("exception1") << "pref.iwate.jp" << false;
+ QTest::newRow("exception2") << "omanpost.om" << false;
+ QTest::newRow("exception3") << "omantel.om" << false;
+ QTest::newRow("exception4") << "gobiernoelectronico.ar" << false;
+ QTest::newRow("exception5") << "pref.ishikawa.jp" << false;
+
+ QTest::newRow("yes-wildcard1") << "*.jm" << true;
+ QTest::newRow("yes-wildcard1.5") << "anything.jm" << true;
+ QTest::newRow("yes-wildcard2") << "something.kh" << true;
+ QTest::newRow("yes-wildcard3") << "whatever.uk" << true;
+ QTest::newRow("yes-wildcard4") << "anything.shizuoka.jp" << true;
+ QTest::newRow("yes-wildcard5") << "foo.sch.uk" << true;
+}
+
+void tst_QNetworkCookieJar::effectiveTLDs()
+{
+ QFETCH(QString, domain);
+ QFETCH(bool, isTLD);
+ QCOMPARE(QNetworkCookieJarPrivate::isEffectiveTLD(domain), isTLD);
+}
+
QTEST_MAIN(tst_QNetworkCookieJar)
#include "tst_qnetworkcookiejar.moc"