unit test for new cookie path checks, per bug 373228.
authordwitte@stanford.edu
Mon, 07 May 2007 04:40:23 -0700
changeset 1239 6fc35f34dd2d80c6168de621ec593f5c9e3ba728
parent 1238 114763bf0d507f5157071b7e66b787ca6446e69e
child 1240 2c3e7600631a998acc03c5e86376a33f669ec55c
push idunknown
push userunknown
push dateunknown
bugs373228
milestone1.9a5pre
unit test for new cookie path checks, per bug 373228.
netwerk/test/TestCookie.cpp
--- a/netwerk/test/TestCookie.cpp
+++ b/netwerk/test/TestCookie.cpp
@@ -277,17 +277,17 @@ main(PRInt32 argc, char *argv[])
        *    just know exactly what the returned string should be.
        * c) check whether the returned string contains/does not contain a given
        *    string. this is used where we don't know/don't care about the
        *    ordering of multiple cookies - we just want to make sure the cookie
        *    string contains them all, in some order.
        *
        * the results of each individual testing operation from CheckResult() is
        * stored in an array of bools, which is then checked against the expected
-       * outcomes (all successes), by PrintResult()). the overall result of all
+       * outcomes (all successes), by PrintResult(). the overall result of all
        * tests to date is kept in |allTestsPassed|, for convenient display at the
        * end.
        *
        * Interpreting the output:
        * each setting/getting operation will print output saying exactly what
        * it's doing and the outcome, respectively. this information is only
        * useful for debugging purposes; the actual result of the tests is
        * printed at the end of each block of tests. this will either be "all
@@ -401,17 +401,43 @@ main(PRInt32 argc, char *argv[])
       GetACookie(cookieService, "http://path.net/path", nsnull, getter_Copies(cookie));
       rv[10] = CheckResult(cookie.get(), MUST_BE_NULL);
       GetACookie(cookieService, "http://path.net/foo", nsnull, getter_Copies(cookie));
       rv[11] = CheckResult(cookie.get(), MUST_EQUAL, "test=path");
       SetACookie(cookieService, "http://path.net/path/file", nsnull, "test=path; path=/foo/; max-age=-1", nsnull);
       GetACookie(cookieService, "http://path.net/foo/", nsnull, getter_Copies(cookie));
       rv[12] = CheckResult(cookie.get(), MUST_BE_NULL);
 
-      allTestsPassed = PrintResult(rv, 13) && allTestsPassed;
+      // bug 373228: make sure cookies with paths longer than 1024 bytes,
+      // and cookies with paths or names containing tabs, are rejected.
+      // the following cookie has a path > 1024 bytes explicitly specified in the cookie
+      SetACookie(cookieService, "http://path.net/", nsnull, "test=path; path=/1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890/", nsnull);
+      GetACookie(cookieService, "http://path.net/1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890", nsnull, getter_Copies(cookie));
+      rv[13] = CheckResult(cookie.get(), MUST_BE_NULL);
+      // the following cookie has a path > 1024 bytes implicitly specified by the uri path
+      SetACookie(cookieService, "http://path.net/1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890/", nsnull, "test=path", nsnull);
+      GetACookie(cookieService, "http://path.net/1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890/", nsnull, getter_Copies(cookie));
+      rv[14] = CheckResult(cookie.get(), MUST_BE_NULL);
+      // the following cookie includes a tab in the path
+      SetACookie(cookieService, "http://path.net/", nsnull, "test=path; path=/foo\tbar/", nsnull);
+      GetACookie(cookieService, "http://path.net/foo\tbar/", nsnull, getter_Copies(cookie));
+      rv[15] = CheckResult(cookie.get(), MUST_BE_NULL);
+      // the following cookie includes a tab in the name
+      SetACookie(cookieService, "http://path.net/", nsnull, "test\ttabs=tab", nsnull);
+      GetACookie(cookieService, "http://path.net/", nsnull, getter_Copies(cookie));
+      rv[16] = CheckResult(cookie.get(), MUST_BE_NULL);
+      // the following cookie includes a tab in the value - allowed
+      SetACookie(cookieService, "http://path.net/", nsnull, "test=tab\ttest", nsnull);
+      GetACookie(cookieService, "http://path.net/", nsnull, getter_Copies(cookie));
+      rv[17] = CheckResult(cookie.get(), MUST_EQUAL, "test=tab\ttest");
+      SetACookie(cookieService, "http://path.net/", nsnull, "test=tab\ttest; max-age=-1", nsnull);
+      GetACookie(cookieService, "http://path.net/", nsnull, getter_Copies(cookie));
+      rv[18] = CheckResult(cookie.get(), MUST_BE_NULL);
+
+      allTestsPassed = PrintResult(rv, 19) && allTestsPassed;
 
 
       // *** expiry & deletion tests
       // XXX add server time str parsing tests here
       printf("*** Beginning expiry & deletion tests...\n");
 
       // test some variations of the expiry time,
       // and test deletion of previously set cookies