SF patch #1157027, cookielib mis-handles RFC 2109 cookies in Netscape mode

2 files changed, 55 insertions, 5 deletions

diff --git a/Lib/cookielib.py b/Lib/cookielib.py
index 656ae39..b84ca4a 100644
--- a/Lib/cookielib.py
+++ b/Lib/cookielib.py
@@ -460,10 +460,7 @@ def parse_ns_headers(ns_headers):
                 if lc in known_attrs:
                     k = lc
                 if k == "version":
-                    # This is an RFC 2109 cookie.  Will be treated as RFC 2965
-                    # cookie in rest of code.
-                    # Probably it should be parsed with split_header_words, but
-                    # that's too much hassle.
+                    # This is an RFC 2109 cookie.
                     version_set = True
                 if k == "expires":
                     # convert expires date to seconds since epoch
@@ -723,7 +720,9 @@ class Cookie:
                  discard,
                  comment,
                  comment_url,
-                 rest):
+                 rest,
+                 rfc2109=False,
+                 ):
 
         if version is not None: version = int(version)
         if expires is not None: expires = int(expires)
@@ -750,6 +749,7 @@ class Cookie:
         self.discard = discard
         self.comment = comment
         self.comment_url = comment_url
+        self.rfc2109 = rfc2109
 
         self._rest = copy.copy(rest)
 
@@ -787,6 +787,7 @@ class Cookie:
             attr = getattr(self, name)
             args.append("%s=%s" % (name, repr(attr)))
         args.append("rest=%s" % repr(self._rest))
+        args.append("rfc2109=%s" % repr(self.rfc2109))
         return "Cookie(%s)" % ", ".join(args)
 
 
@@ -836,6 +837,7 @@ class DefaultCookiePolicy(CookiePolicy):
     def __init__(self,
                  blocked_domains=None, allowed_domains=None,
                  netscape=True, rfc2965=False,
+                 rfc2109_as_netscape=None,
                  hide_cookie2=False,
                  strict_domain=False,
                  strict_rfc2965_unverifiable=True,
@@ -847,6 +849,7 @@ class DefaultCookiePolicy(CookiePolicy):
         """Constructor arguments should be passed as keyword arguments only."""
         self.netscape = netscape
         self.rfc2965 = rfc2965
+        self.rfc2109_as_netscape = rfc2109_as_netscape
         self.hide_cookie2 = hide_cookie2
         self.strict_domain = strict_domain
         self.strict_rfc2965_unverifiable = strict_rfc2965_unverifiable
@@ -1518,6 +1521,18 @@ class CookieJar:
             if cookie: cookies.append(cookie)
         return cookies
 
+    def _process_rfc2109_cookies(self, cookies):
+        rfc2109_as_ns = getattr(self._policy, 'rfc2109_as_netscape', None)
+        if rfc2109_as_ns is None:
+            rfc2109_as_ns = not self._policy.rfc2965
+        for cookie in cookies:
+            if cookie.version == 1:
+                cookie.rfc2109 = True
+                if rfc2109_as_ns: 
+                    # treat 2109 cookies as Netscape cookies rather than
+                    # as RFC2965 cookies
+                    cookie.version = 0
+
     def make_cookies(self, response, request):
         """Return sequence of Cookie objects extracted from response object."""
         # get cookie-attributes for RFC 2965 and Netscape protocols
@@ -1543,11 +1558,13 @@ class CookieJar:
 
         if ns_hdrs and netscape:
             try:
+                # RFC 2109 and Netscape cookies
                 ns_cookies = self._cookies_from_attrs_set(
                     parse_ns_headers(ns_hdrs), request)
             except:
                 reraise_unmasked_exceptions()
                 ns_cookies = []
+            self._process_rfc2109_cookies(ns_cookies)
 
             # Look for Netscape cookies (from Set-Cookie headers) that match
             # corresponding RFC 2965 cookies (from Set-Cookie2 headers).
diff --git a/Lib/test/test_cookielib.py b/Lib/test/test_cookielib.py
index f0c6683..49e7d47 100644
--- a/Lib/test/test_cookielib.py
+++ b/Lib/test/test_cookielib.py
@@ -386,6 +386,39 @@ class CookieTests(TestCase):
         self.assertEquals(interact_netscape(c, "http://www.acme.com/foo/"),
                           '"spam"; eggs')
 
+    def test_rfc2109_handling(self):
+        # RFC 2109 cookies are handled as RFC 2965 or Netscape cookies,
+        # dependent on policy settings
+        from cookielib import CookieJar, DefaultCookiePolicy
+
+        for rfc2109_as_netscape, rfc2965, version in [
+            # default according to rfc2965 if not explicitly specified
+            (None, False, 0),
+            (None, True, 1),
+            # explicit rfc2109_as_netscape
+            (False, False, None),  # version None here means no cookie stored
+            (False, True, 1),
+            (True, False, 0),
+            (True, True, 0),
+            ]:
+            policy = DefaultCookiePolicy(
+                rfc2109_as_netscape=rfc2109_as_netscape,
+                rfc2965=rfc2965)
+            c = CookieJar(policy)
+            interact_netscape(c, "http://www.example.com/", "ni=ni; Version=1")
+            try:
+                cookie = c._cookies["www.example.com"]["/"]["ni"]
+            except KeyError:
+                self.assert_(version is None)  # didn't expect a stored cookie
+            else:
+                self.assertEqual(cookie.version, version)
+                # 2965 cookies are unaffected
+                interact_2965(c, "http://www.example.com/",
+                              "foo=bar; Version=1")
+                if rfc2965:
+                    cookie2965 = c._cookies["www.example.com"]["/"]["foo"]
+                    self.assertEqual(cookie2965.version, 1)
+
     def test_ns_parser(self):
         from cookielib import CookieJar, DEFAULT_HTTP_PORT