summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSerhiy Storchaka <storchaka@gmail.com>2015-03-13 07:09:35 (GMT)
committerSerhiy Storchaka <storchaka@gmail.com>2015-03-13 07:09:35 (GMT)
commitf7cc3fccadae5f2bb764b16808806b7d1849871b (patch)
tree2424d9a9110ef8124aba9079d18646ddb49734f9
parent63623ac2529ce9f293784c06215b018664c74491 (diff)
parent577fc4e87f59b94f2e906c77654a44a2ee586c1e (diff)
downloadcpython-f7cc3fccadae5f2bb764b16808806b7d1849871b.zip
cpython-f7cc3fccadae5f2bb764b16808806b7d1849871b.tar.gz
cpython-f7cc3fccadae5f2bb764b16808806b7d1849871b.tar.bz2
Issue #23138: Fixed parsing cookies with absent keys or values in cookiejar.
Patch by Demian Brecht.
-rw-r--r--Lib/http/cookiejar.py46
-rw-r--r--Lib/test/test_http_cookiejar.py23
-rw-r--r--Misc/NEWS3
3 files changed, 57 insertions, 15 deletions
diff --git a/Lib/http/cookiejar.py b/Lib/http/cookiejar.py
index 22f2833..cc9e0be 100644
--- a/Lib/http/cookiejar.py
+++ b/Lib/http/cookiejar.py
@@ -472,26 +472,42 @@ def parse_ns_headers(ns_headers):
for ns_header in ns_headers:
pairs = []
version_set = False
- for ii, param in enumerate(re.split(r";\s*", ns_header)):
- param = param.rstrip()
- if param == "": continue
- if "=" not in param:
- k, v = param, None
- else:
- k, v = re.split(r"\s*=\s*", param, maxsplit=1)
- k = k.lstrip()
+
+ # XXX: The following does not strictly adhere to RFCs in that empty
+ # names and values are legal (the former will only appear once and will
+ # be overwritten if multiple occurrences are present). This is
+ # mostly to deal with backwards compatibility.
+ for ii, param in enumerate(ns_header.split(';')):
+ param = param.strip()
+
+ key, sep, val = param.partition('=')
+ key = key.strip()
+
+ if not key:
+ if ii == 0:
+ break
+ else:
+ continue
+
+ # allow for a distinction between present and empty and missing
+ # altogether
+ val = val.strip() if sep else None
+
if ii != 0:
- lc = k.lower()
+ lc = key.lower()
if lc in known_attrs:
- k = lc
- if k == "version":
+ key = lc
+
+ if key == "version":
# This is an RFC 2109 cookie.
- v = strip_quotes(v)
+ if val is not None:
+ val = strip_quotes(val)
version_set = True
- if k == "expires":
+ elif key == "expires":
# convert expires date to seconds since epoch
- v = http2time(strip_quotes(v)) # None if invalid
- pairs.append((k, v))
+ if val is not None:
+ val = http2time(strip_quotes(val)) # None if invalid
+ pairs.append((key, val))
if pairs:
if not version_set:
diff --git a/Lib/test/test_http_cookiejar.py b/Lib/test/test_http_cookiejar.py
index fb66f6f..e9f0356 100644
--- a/Lib/test/test_http_cookiejar.py
+++ b/Lib/test/test_http_cookiejar.py
@@ -479,6 +479,9 @@ class CookieTests(unittest.TestCase):
interact_netscape(c, "http://www.acme.com:80/", 'foo=bar; expires=')
interact_netscape(c, "http://www.acme.com:80/", 'spam=eggs; '
'expires="Foo Bar 25 33:22:11 3022"')
+ interact_netscape(c, 'http://www.acme.com/', 'fortytwo=')
+ interact_netscape(c, 'http://www.acme.com/', '=unladenswallow')
+ interact_netscape(c, 'http://www.acme.com/', 'holyhandgrenade')
cookie = c._cookies[".acme.com"]["/"]["spam"]
self.assertEqual(cookie.domain, ".acme.com")
@@ -505,6 +508,16 @@ class CookieTests(unittest.TestCase):
self.assertIsNone(foo.expires)
self.assertIsNone(spam.expires)
+ cookie = c._cookies['www.acme.com']['/']['fortytwo']
+ self.assertIsNotNone(cookie.value)
+ self.assertEqual(cookie.value, '')
+
+ # there should be a distinction between a present but empty value
+ # (above) and a value that's entirely missing (below)
+
+ cookie = c._cookies['www.acme.com']['/']['holyhandgrenade']
+ self.assertIsNone(cookie.value)
+
def test_ns_parser_special_names(self):
# names such as 'expires' are not special in first name=value pair
# of Set-Cookie: header
@@ -1080,6 +1093,13 @@ class CookieTests(unittest.TestCase):
parse_ns_headers(["foo"]),
[[("foo", None), ("version", "0")]]
)
+ # missing cookie values for parsed attributes
+ self.assertEqual(
+ parse_ns_headers(['foo=bar; expires']),
+ [[('foo', 'bar'), ('expires', None), ('version', '0')]])
+ self.assertEqual(
+ parse_ns_headers(['foo=bar; version']),
+ [[('foo', 'bar'), ('version', None)]])
# shouldn't add version if header is empty
self.assertEqual(parse_ns_headers([""]), [])
@@ -1092,6 +1112,8 @@ class CookieTests(unittest.TestCase):
c.extract_cookies(r, req)
return c
+ future = time2netscape(time.time()+3600)
+
# none of these bad headers should cause an exception to be raised
for headers in [
["Set-Cookie: "], # actually, nothing wrong with this
@@ -1102,6 +1124,7 @@ class CookieTests(unittest.TestCase):
["Set-Cookie: b=foo; max-age=oops"],
# bad version
["Set-Cookie: b=foo; version=spam"],
+ ["Set-Cookie:; Expires=%s" % future],
]:
c = cookiejar_from_cookie_headers(headers)
# these bad cookies shouldn't be set
diff --git a/Misc/NEWS b/Misc/NEWS
index 78fca4d..35265e1 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -18,6 +18,9 @@ Core and Builtins
Library
-------
+- Issue #23138: Fixed parsing cookies with absent keys or values in cookiejar.
+ Patch by Demian Brecht.
+
- Issue #23051: multiprocessing.Pool methods imap() and imap_unordered() now
handle exceptions raised by an iterator. Patch by Alon Diamant and Davin
Potts.