1 // Copyright 2012 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #include <string>
6 
7 #include "base/test/scoped_feature_list.h"
8 #include "net/base/features.h"
9 #include "net/cookies/cookie_constants.h"
10 #include "net/cookies/cookie_inclusion_status.h"
11 #include "net/cookies/parsed_cookie.h"
12 #include "testing/gtest/include/gtest/gtest.h"
13 
14 namespace net {
15 
// Covers both ends of the spectrum: a bare name/value pair with no attributes,
// and a cookie line that sets every attribute checked in this test.
TEST(ParsedCookieTest, TestBasic) {
  // With no attributes present, Secure/HttpOnly/SameParty/Partitioned must all
  // read as unset, and SameSite/Priority must report their default values.
  ParsedCookie bare("a=b");
  EXPECT_TRUE(bare.IsValid());
  EXPECT_FALSE(bare.IsSecure());
  EXPECT_FALSE(bare.IsHttpOnly());
  EXPECT_FALSE(bare.IsSameParty());
  EXPECT_FALSE(bare.IsPartitioned());
  EXPECT_EQ("a", bare.Name());
  EXPECT_EQ("b", bare.Value());
  EXPECT_FALSE(bare.HasPath());
  EXPECT_FALSE(bare.HasDomain());
  EXPECT_FALSE(bare.HasExpires());
  EXPECT_FALSE(bare.HasMaxAge());
  EXPECT_EQ(CookieSameSite::UNSPECIFIED, bare.SameSite());
  EXPECT_EQ(CookiePriority::COOKIE_PRIORITY_DEFAULT, bare.Priority());

  // Every attribute supplied; "expires" is deliberately left out so that
  // HasExpires() can be checked as false next to HasMaxAge() as true.
  ParsedCookie full(
      "c=d; secure; httponly; sameparty; path=/foo; domain=bar.test; "
      "max-age=60; samesite=lax; priority=high; partitioned;");
  EXPECT_TRUE(full.IsValid());
  EXPECT_TRUE(full.IsSecure());
  EXPECT_TRUE(full.IsHttpOnly());
  EXPECT_TRUE(full.IsSameParty());
  EXPECT_TRUE(full.IsPartitioned());
  EXPECT_EQ("c", full.Name());
  EXPECT_EQ("d", full.Value());
  EXPECT_TRUE(full.HasPath());
  EXPECT_EQ("/foo", full.Path());
  EXPECT_TRUE(full.HasDomain());
  EXPECT_EQ("bar.test", full.Domain());
  EXPECT_FALSE(full.HasExpires());
  EXPECT_TRUE(full.HasMaxAge());
  EXPECT_EQ("60", full.MaxAge());
  EXPECT_EQ(CookieSameSite::LAX_MODE, full.SameSite());
  EXPECT_EQ(CookiePriority::COOKIE_PRIORITY_HIGH, full.Priority());
}
52 
// Cookie lines built only from whitespace, '=' and ';' carry neither a name
// nor a value; each of them must be reported as invalid.
TEST(ParsedCookieTest, TestEmpty) {
  const char* const kBlankLines[] = {
      // Nothing at all, or spaces only.
      "",
      "     ",
      // A lone '=' with optional spaces and a trailing ';'.
      "=",
      "=;",
      " =;",
      "= ;",
      " = ;",
      // A lone ';' with optional spaces.
      ";",
      " ;",
      " ; ",
      // The same shapes written with tabs.
      "\t",
      "\t;",
      "\t=\t",
      "\t=",
      "=\t",
  };

  for (const char* line : kBlankLines) {
    ParsedCookie parsed(line);
    EXPECT_FALSE(parsed.IsValid());
  }
}
63 
// The setters must refuse any change that would leave a cookie with both an
// empty name and an empty value, and must leave the cookie untouched when
// they refuse.
TEST(ParsedCookieTest, TestSetEmptyNameValue) {
  // An invalid (empty) cookie stays invalid; neither setter accepts "".
  ParsedCookie blank("");
  EXPECT_FALSE(blank.IsValid());
  EXPECT_FALSE(blank.SetName(""));
  EXPECT_FALSE(blank.SetValue(""));
  EXPECT_FALSE(blank.IsValid());

  // Name present, value empty: clearing the name is rejected and the original
  // name survives.
  ParsedCookie no_value("name=");
  EXPECT_TRUE(no_value.IsValid());
  EXPECT_EQ("name", no_value.Name());
  EXPECT_FALSE(no_value.SetName(""));
  EXPECT_EQ("name", no_value.Name());
  EXPECT_TRUE(no_value.IsValid());

  // Value present, name empty: clearing the value is rejected and the original
  // value survives.
  ParsedCookie no_name("value");
  EXPECT_TRUE(no_name.IsValid());
  EXPECT_EQ("value", no_name.Value());
  EXPECT_FALSE(no_name.SetValue(""));
  EXPECT_EQ("value", no_name.Value());
  EXPECT_TRUE(no_name.IsValid());
}
85 
// Exercises ParseValueString() and ValueMatchesParsedValue() on values that
// must round-trip unchanged, values that contain a terminating or separating
// character, and values that only differ by surrounding whitespace.
TEST(ParsedCookieTest, ParseValueStrings) {
  // Values that must come back byte-for-byte identical.
  const std::string kUnchanged[] = {
      "httpONLY", "1%7C1624663551161", "<K0<r<C_<G_<S0",
      "lastRequest=1624663552846&activeDays=%5B0%2C0", "si=8da88dce-5fee-4835"};
  for (const std::string& candidate : kUnchanged) {
    EXPECT_EQ(ParsedCookie::ParseValueString(candidate), candidate);
    EXPECT_TRUE(ParsedCookie::ValueMatchesParsedValue(candidate));
  }

  // Values holding LF, CR, ';' or a NUL byte: the parsed result must differ
  // from the input, so such a value is never accepted verbatim.
  const std::string kAltered[] = {
      "\nhttpONLYsecure",            // Newline char at start
      "httpONLY\nsecure",            // Newline char in middle
      "httpONLYsecure\n",            // Newline char at end
      "\r<K0<r<C_<G_<S0",            // Carriage return at start
      "<K0<r\r<C_<G_<S0",            // Carriage return in middle
      "<K0<r<C_<G_<S0\r",            // Carriage return at end
      ";lastRequest=1624663552846",  // Token separator at start
      "lastRequest=1624663552846; activeDays=%5B0%2C0",  // Token separator in
                                                         // middle
      // The explicit length keeps the NUL byte inside the std::string.
      std::string("\0abcdef", 7),  // 0 byte at start
      std::string("abc\0def", 7),  // 0 byte in middle
      std::string("abcdef\0", 7)};  // 0 byte at end
  for (const std::string& candidate : kAltered) {
    EXPECT_NE(ParsedCookie::ParseValueString(candidate), candidate);
    EXPECT_FALSE(ParsedCookie::ValueMatchesParsedValue(candidate));
  }

  // Leading whitespace is accepted by the parser (the result is one character
  // shorter) but the input no longer matches its parsed form.
  const std::string kLeadingWhitespace[] = {
      " 1%7C1624663551161",   // Space at start
      "\t1%7C1624663551161",  // Tab at start
  };
  for (const std::string& candidate : kLeadingWhitespace) {
    const auto parsed_length =
        ParsedCookie::ParseValueString(candidate).length();
    EXPECT_TRUE(parsed_length == candidate.length() - 1);
    EXPECT_FALSE(ParsedCookie::ValueMatchesParsedValue(candidate));
  }

  // Trailing whitespace or a trailing separator is likewise dropped by the
  // parser, and again the input does not match its parsed form.
  const std::string kTrailingChar[] = {
      "lastRequest=1624663552846 ",   // Space at end
      "lastRequest=1624663552846\t",  // Tab at end
      "lastRequest=1624663552846;",   // Token separator at end
  };
  // All three inputs share the same payload followed by one extra character.
  const size_t payload_length = kTrailingChar[0].length() - 1;
  for (const std::string& candidate : kTrailingChar) {
    const auto parsed_length =
        ParsedCookie::ParseValueString(candidate).length();
    EXPECT_TRUE(parsed_length == payload_length);
    EXPECT_FALSE(ParsedCookie::ValueMatchesParsedValue(candidate));
  }

  // A separator in the middle: the parsed value is the prefix that ends just
  // before the ';'.
  const std::string kSeparatorInMiddle(
      "lastRequest=1624663552846; activeDays=%5B0%2C0");
  EXPECT_TRUE(ParsedCookie::ParseValueString(kSeparatorInMiddle).length() ==
              kSeparatorInMiddle.find(';'));
  EXPECT_FALSE(ParsedCookie::ValueMatchesParsedValue(kSeparatorInMiddle));
}
149 
// Pins down how quoted cookie values are parsed in the cases where the major
// browsers disagree with each other.
TEST(ParsedCookieTest, TestQuoted) {
  // The browser behaviour recorded below was observed on Internet Explorer 6,
  // Opera 9.6, Firefox 3 and Safari Windows 3.2.1.  The parser originally
  // tried to match Firefox closely; it now matches Internet Explorer and
  // Safari.
  const struct {
    const char* input;
    const char* expected;
  } kCases[] = {
      // Trailing whitespace after a quoted value.  All browsers strip the
      // whitespace that follows the closing quote.
      {"\"zzz \"  ", "\"zzz \""},
      // A quoted value containing ';', like FOO="zz;pp"  ;
      // IE and Safari: "zz;
      // Firefox and Opera: "zz;pp"
      {"\"zz;pp\" ;", "\"zz"},
      // A value with several quoted parts, like FOO="zzz "   "ppp" ;
      // IE and Safari: "zzz "   "ppp";
      // Firefox: "zzz ";
      // Opera: <rejects cookie>
      {"\"zzz \"   \"ppp\" ", "\"zzz \"   \"ppp\""},
      // A quote inside a value that did not start quoted, like FOO=A"B ;
      // IE, Safari, and Firefox: A"B;
      // Opera: <rejects cookie>
      {"A\"B", "A\"B"}};

  for (const auto& quoted : kCases) {
    const std::string line =
        std::string("aBc=") + quoted.input + " ; path=\"/\"  ; httponly ";
    ParsedCookie cookie(line);
    EXPECT_TRUE(cookie.IsValid());
    EXPECT_FALSE(cookie.IsSecure());
    EXPECT_TRUE(cookie.IsHttpOnly());
    EXPECT_TRUE(cookie.HasPath());
    EXPECT_EQ("aBc", cookie.Name());
    EXPECT_EQ(quoted.expected, cookie.Value());

    // Writing the parsed value back must be accepted and must not change it.
    EXPECT_TRUE(cookie.SetValue(cookie.Value()));
    EXPECT_EQ(quoted.expected, cookie.Value());

    // A quoted path keeps its quotes.  That makes the cookie effectively
    // useless, but path parameters are not supposed to be quoted.
    // Bug 1261605.
    EXPECT_EQ("\"/\"", cookie.Path());
  }
}
201 
// A first pair without '=' is parsed as a value with an empty name; the
// attributes that follow it are still honoured.
TEST(ParsedCookieTest, TestNameless) {
  ParsedCookie nameless("BLAHHH; path=/; secure;");
  EXPECT_TRUE(nameless.IsValid());
  EXPECT_TRUE(nameless.IsSecure());
  EXPECT_TRUE(nameless.HasPath());
  EXPECT_EQ("/", nameless.Path());
  // The whole first token lands in Value(); Name() stays empty.
  EXPECT_EQ("", nameless.Name());
  EXPECT_EQ("BLAHHH", nameless.Value());
  EXPECT_EQ(COOKIE_PRIORITY_DEFAULT, nameless.Priority());
}
212 
// Attribute names, and the SameSite / Priority values, are matched without
// regard to letter case.
TEST(ParsedCookieTest, TestAttributeCase) {
  ParsedCookie mixed_case(
      "BLAH; Path=/; sECuRe; httpONLY; sAmESitE=LaX; pRIoRitY=hIgH; samePaRtY; "
      "pARTitIoNeD;");
  EXPECT_TRUE(mixed_case.IsValid());
  // Each security attribute is recognised despite the unusual casing.
  EXPECT_TRUE(mixed_case.IsSecure());
  EXPECT_TRUE(mixed_case.IsHttpOnly());
  EXPECT_TRUE(mixed_case.IsSameParty());
  EXPECT_TRUE(mixed_case.IsPartitioned());
  EXPECT_EQ(CookieSameSite::LAX_MODE, mixed_case.SameSite());
  EXPECT_TRUE(mixed_case.HasPath());
  EXPECT_EQ("/", mixed_case.Path());
  EXPECT_EQ("", mixed_case.Name());
  EXPECT_EQ("BLAH", mixed_case.Value());
  EXPECT_EQ(COOKIE_PRIORITY_HIGH, mixed_case.Priority());
  // Seven attributes follow the nameless value in the input line.
  EXPECT_EQ(7U, mixed_case.NumberOfAttributes());
}
230 
// A nameless value wrapped in double quotes, with a backslash-escaped quote
// inside it, is kept verbatim, quotes and backslash included.
TEST(ParsedCookieTest, TestDoubleQuotedNameless) {
  ParsedCookie quoted("\"BLA\\\"HHH\"; path=/; secure;");
  EXPECT_TRUE(quoted.IsValid());
  EXPECT_TRUE(quoted.IsSecure());
  EXPECT_TRUE(quoted.HasPath());
  EXPECT_EQ("/", quoted.Path());
  EXPECT_EQ("", quoted.Name());
  // No unescaping takes place: Value() equals the raw first token.
  EXPECT_EQ("\"BLA\\\"HHH\"", quoted.Value());
  EXPECT_EQ(COOKIE_PRIORITY_DEFAULT, quoted.Priority());
  EXPECT_EQ(2U, quoted.NumberOfAttributes());
}
242 
// An opening quote that is never closed does not invalidate the cookie; the
// quote stays part of the value.
TEST(ParsedCookieTest, QuoteOffTheEnd) {
  ParsedCookie unterminated("a=\"B");
  EXPECT_TRUE(unterminated.IsValid());
  EXPECT_EQ("a", unterminated.Name());
  EXPECT_EQ("\"B", unterminated.Value());
  EXPECT_EQ(COOKIE_PRIORITY_DEFAULT, unterminated.Priority());
  EXPECT_EQ(0U, unterminated.NumberOfAttributes());
}
251 
// A line that starts with '=' yields an empty name, and serialising it again
// keeps the leading '=' so that the value is re-parsed correctly.
TEST(ParsedCookieTest, MissingName) {
  ParsedCookie nameless("=ABC");
  EXPECT_TRUE(nameless.IsValid());
  EXPECT_EQ("", nameless.Name());
  EXPECT_EQ("ABC", nameless.Value());
  EXPECT_EQ(COOKIE_PRIORITY_DEFAULT, nameless.Priority());
  EXPECT_EQ(0U, nameless.NumberOfAttributes());

  // Ensure that a preceding equal sign is emitted in the cookie line.
  //
  // This goes against what RFC6265bis specifies and differs from how
  // CanonicalCookie produces cookie lines.  As currently written (draft 9),
  // the spec says a cookie with an empty name should not get a prepended '='
  // when the cookie line is written out; but if the value itself contains an
  // equal sign, such a line is parsed incorrectly on the receiving end.
  // ParsedCookie.ToCookieLine is only used by the extensions API to feed
  // modified cookies into a network request for reparsing, so here it matters
  // more that values always deserialize correctly than that the output
  // conforms to the spec.
  ParsedCookie reserialized("=ABC");
  EXPECT_EQ("=ABC", reserialized.ToCookieLine());
  EXPECT_TRUE(reserialized.SetValue("param=value"));
  EXPECT_EQ("=param=value", reserialized.ToCookieLine());

  // Round trip: the line produced above parses back to the same empty name
  // and the same '='-containing value.
  ParsedCookie reparsed("=param=value");
  EXPECT_EQ("", reparsed.Name());
  EXPECT_EQ("param=value", reparsed.Value());
  EXPECT_EQ("=param=value", reparsed.ToCookieLine());
}
280 
// A name followed by '=' and nothing else is a valid cookie with an empty
// value; attributes written with spaces around '=' are still parsed.
TEST(ParsedCookieTest, MissingValue) {
  ParsedCookie valueless("ABC=;  path = /wee");
  EXPECT_TRUE(valueless.IsValid());
  EXPECT_EQ("ABC", valueless.Name());
  EXPECT_EQ("", valueless.Value());
  EXPECT_TRUE(valueless.HasPath());
  EXPECT_EQ("/wee", valueless.Path());
  EXPECT_EQ(COOKIE_PRIORITY_DEFAULT, valueless.Priority());
  EXPECT_EQ(1U, valueless.NumberOfAttributes());

  // Ensure that a trailing equal sign is emitted in the cookie line.
  ParsedCookie reserialized("ABC=");
  EXPECT_EQ("ABC=", reserialized.ToCookieLine());
}
295 
// Whitespace around the name, the value, '=' and the attributes is trimmed.
TEST(ParsedCookieTest, Whitespace) {
  ParsedCookie padded("  A  = BC  ;secure;;;   samesite = lax     ");
  EXPECT_TRUE(padded.IsValid());
  EXPECT_EQ("A", padded.Name());
  EXPECT_EQ("BC", padded.Value());
  EXPECT_FALSE(padded.HasPath());
  EXPECT_FALSE(padded.HasDomain());
  EXPECT_TRUE(padded.IsSecure());
  EXPECT_FALSE(padded.IsHttpOnly());
  EXPECT_EQ(CookieSameSite::LAX_MODE, padded.SameSite());
  EXPECT_EQ(COOKIE_PRIORITY_DEFAULT, padded.Priority());
  // Anything between two ';' is parsed as an attribute, so the ";;;" run
  // contributes two attributes whose name and value are both empty.
  EXPECT_EQ(4U, padded.NumberOfAttributes());
}
// Only the first '=' separates name from value; the remaining '=' characters
// belong to the value.
TEST(ParsedCookieTest, MultipleEquals) {
  ParsedCookie cookie("  A=== BC  ;secure;;;   httponly");
  EXPECT_TRUE(cookie.IsValid());
  EXPECT_EQ("A", cookie.Name());
  // The value begins right after the first '=' and is trimmed at its end.
  EXPECT_EQ("== BC", cookie.Value());
  EXPECT_FALSE(cookie.HasPath());
  EXPECT_FALSE(cookie.HasDomain());
  EXPECT_TRUE(cookie.IsSecure());
  EXPECT_TRUE(cookie.IsHttpOnly());
  EXPECT_EQ(CookieSameSite::UNSPECIFIED, cookie.SameSite());
  EXPECT_EQ(COOKIE_PRIORITY_DEFAULT, cookie.Priority());
  // secure, two empty attributes from ";;;", and httponly.
  EXPECT_EQ(4U, cookie.NumberOfAttributes());
}
324 
// Whitespace that follows a quoted value is dropped; the quotes themselves
// remain part of the value.
TEST(ParsedCookieTest, QuotedTrailingWhitespace) {
  ParsedCookie cookie(
      "ANCUUID=\"zohNumRKgI0oxyhSsV3Z7D\"  ; "
      "expires=Sun, 18-Apr-2027 21:06:29 GMT ; "
      "path=/  ;  ");
  EXPECT_TRUE(cookie.IsValid());
  EXPECT_EQ("ANCUUID", cookie.Name());
  // Stripping whitespace after the quotes matches all other major browsers.
  EXPECT_EQ("\"zohNumRKgI0oxyhSsV3Z7D\"", cookie.Value());
  EXPECT_TRUE(cookie.HasExpires());
  EXPECT_TRUE(cookie.HasPath());
  // The spaces after "path=/" are trimmed as well.
  EXPECT_EQ("/", cookie.Path());
  EXPECT_EQ(COOKIE_PRIORITY_DEFAULT, cookie.Priority());
  EXPECT_EQ(2U, cookie.NumberOfAttributes());
}
340 
// Same input shape as QuotedTrailingWhitespace but with an unquoted value:
// the trailing spaces are trimmed from the value and from the path.
TEST(ParsedCookieTest, TrailingWhitespace) {
  ParsedCookie cookie(
      "ANCUUID=zohNumRKgI0oxyhSsV3Z7D  ; "
      "expires=Sun, 18-Apr-2027 21:06:29 GMT ; "
      "path=/  ;  ");
  EXPECT_TRUE(cookie.IsValid());
  EXPECT_EQ("ANCUUID", cookie.Name());
  EXPECT_EQ("zohNumRKgI0oxyhSsV3Z7D", cookie.Value());
  EXPECT_TRUE(cookie.HasExpires());
  EXPECT_TRUE(cookie.HasPath());
  EXPECT_EQ("/", cookie.Path());
  EXPECT_EQ(COOKIE_PRIORITY_DEFAULT, cookie.Priority());
  EXPECT_EQ(2U, cookie.NumberOfAttributes());
}
355 
// A run of 1 to 99 empty pairs between the name/value pair and a trailing
// "secure" must neither invalidate the cookie nor hide the attribute.
TEST(ParsedCookieTest, LotsOfPairs) {
  for (int separators = 1; separators <= 99; ++separators) {
    // A string made of `separators` ';' characters, i.e. that many empty
    // pairs.
    const std::string empty_pairs(separators, ';');

    ParsedCookie cookie("a=b;" + empty_pairs + "secure");
    EXPECT_EQ("a", cookie.Name());
    EXPECT_EQ("b", cookie.Value());
    EXPECT_TRUE(cookie.IsValid());
    EXPECT_TRUE(cookie.IsSecure());
  }
}
368 
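// Verifies the name+value size limit and the attribute-value size limit, both
// when a cookie line is parsed by the constructor and when a cookie is
// modified through SetName / SetValue / SetPath / SetDomain.
//
// Every over-limit constructor case uses its own CookieInclusionStatus.  A
// status object shared between cases can still hold the reason recorded by an
// earlier parse, which would let a later check pass even if the parser
// reported nothing for that input.
TEST(ParsedCookieTest, EnforceSizeConstraints) {
  // Create maximum size and one-less-than-maximum size name and value
  // strings for testing.
  std::string max_name(ParsedCookie::kMaxCookieNamePlusValueSize, 'a');
  std::string max_value(ParsedCookie::kMaxCookieNamePlusValueSize, 'b');
  std::string almost_max_name = max_name.substr(1, std::string::npos);
  std::string almost_max_value = max_value.substr(1, std::string::npos);

  // Test name + value size limits enforced by the constructor.

  // Name exactly at the limit with an empty value.
  ParsedCookie pc1(max_name + "=");
  EXPECT_TRUE(pc1.IsValid());
  EXPECT_EQ(max_name, pc1.Name());

  // Attributes do not count towards the name + value limit.
  ParsedCookie pc2(max_name + "=; path=/foo;");
  EXPECT_TRUE(pc2.IsValid());
  EXPECT_EQ(max_name, pc2.Name());

  // One character over the limit: rejected, with the size exclusion reason.
  CookieInclusionStatus status3;
  ParsedCookie pc3(max_name + "X=", &status3);
  EXPECT_FALSE(pc3.IsValid());
  EXPECT_TRUE(status3.HasOnlyExclusionReason(
      CookieInclusionStatus::ExclusionReason::
          EXCLUDE_NAME_VALUE_PAIR_EXCEEDS_MAX_SIZE));

  // The same three cases with an empty name and a maximum-size value.
  ParsedCookie pc4("=" + max_value);
  EXPECT_TRUE(pc4.IsValid());
  EXPECT_EQ(max_value, pc4.Value());

  ParsedCookie pc5("=" + max_value + "; path=/foo;");
  EXPECT_TRUE(pc5.IsValid());
  EXPECT_EQ(max_value, pc5.Value());

  CookieInclusionStatus status6;
  ParsedCookie pc6("=" + max_value + "X", &status6);
  EXPECT_FALSE(pc6.IsValid());
  EXPECT_TRUE(status6.HasOnlyExclusionReason(
      CookieInclusionStatus::ExclusionReason::
          EXCLUDE_NAME_VALUE_PAIR_EXCEEDS_MAX_SIZE));

  // The limit applies to the sum: a name one short of the limit leaves room
  // for exactly one character of value.
  ParsedCookie pc7(almost_max_name + "=x");
  EXPECT_TRUE(pc7.IsValid());
  EXPECT_EQ(almost_max_name, pc7.Name());
  EXPECT_EQ("x", pc7.Value());

  ParsedCookie pc8(almost_max_name + "=x; path=/foo;");
  EXPECT_TRUE(pc8.IsValid());
  EXPECT_EQ(almost_max_name, pc8.Name());
  EXPECT_EQ("x", pc8.Value());

  CookieInclusionStatus status9;
  ParsedCookie pc9(almost_max_name + "=xX", &status9);
  EXPECT_FALSE(pc9.IsValid());
  EXPECT_TRUE(status9.HasOnlyExclusionReason(
      CookieInclusionStatus::ExclusionReason::
          EXCLUDE_NAME_VALUE_PAIR_EXCEEDS_MAX_SIZE));

  // And the mirror image: a one-character name with a near-maximum value.
  ParsedCookie pc10("x=" + almost_max_value);
  EXPECT_TRUE(pc10.IsValid());
  EXPECT_EQ("x", pc10.Name());
  EXPECT_EQ(almost_max_value, pc10.Value());

  ParsedCookie pc11("x=" + almost_max_value + "; path=/foo;");
  EXPECT_TRUE(pc11.IsValid());
  EXPECT_EQ("x", pc11.Name());
  EXPECT_EQ(almost_max_value, pc11.Value());

  CookieInclusionStatus status12;
  ParsedCookie pc12("xX=" + almost_max_value, &status12);
  EXPECT_FALSE(pc12.IsValid());
  EXPECT_TRUE(status12.HasOnlyExclusionReason(
      CookieInclusionStatus::ExclusionReason::
          EXCLUDE_NAME_VALUE_PAIR_EXCEEDS_MAX_SIZE));

  // Test attribute value size limits enforced by the constructor.
  std::string almost_max_path(ParsedCookie::kMaxCookieAttributeValueSize - 1,
                              'c');
  std::string max_path = "/" + almost_max_path;
  std::string too_long_path = "/X" + almost_max_path;

  ParsedCookie pc20("name=value; path=" + max_path);
  EXPECT_TRUE(pc20.IsValid());
  EXPECT_TRUE(pc20.HasPath());
  EXPECT_EQ("/" + almost_max_path, pc20.Path());

  // An over-long attribute value does not invalidate the cookie: the
  // attribute is dropped and a warning is recorded instead.
  CookieInclusionStatus status21;
  ParsedCookie pc21("name=value; path=" + too_long_path, &status21);
  EXPECT_TRUE(pc21.IsValid());
  EXPECT_FALSE(pc21.HasPath());
  EXPECT_TRUE(status21.HasWarningReason(
      CookieInclusionStatus::WARN_ATTRIBUTE_VALUE_EXCEEDS_MAX_SIZE));

  // NOTE: max_domain is based on the max attribute value as defined in
  // RFC6265bis, but this is larger than what is recommended by RFC1123.
  // In theory some browsers could restrict domains to that smaller size,
  // but ParsedCookie doesn't.
  std::string max_domain(ParsedCookie::kMaxCookieAttributeValueSize, 'd');
  max_domain.replace(ParsedCookie::kMaxCookieAttributeValueSize - 4, 4, ".com");
  std::string too_long_domain = "x" + max_domain;

  ParsedCookie pc30("name=value; domain=" + max_domain);
  EXPECT_TRUE(pc30.IsValid());
  EXPECT_TRUE(pc30.HasDomain());
  EXPECT_EQ(max_domain, pc30.Domain());

  // The status object has to be handed to the constructor here; without it
  // the warning check below would only ever observe what the over-long path
  // case recorded, never the domain case itself.
  CookieInclusionStatus status31;
  ParsedCookie pc31("name=value; domain=" + too_long_domain, &status31);
  EXPECT_TRUE(pc31.IsValid());
  EXPECT_FALSE(pc31.HasDomain());
  EXPECT_TRUE(status31.HasWarningReason(
      CookieInclusionStatus::WARN_ATTRIBUTE_VALUE_EXCEEDS_MAX_SIZE));

  std::string pc40_suffix = "; domain=example.com";

  ParsedCookie pc40("a=b" + pc40_suffix);
  EXPECT_TRUE(pc40.IsValid());

  // Test name + value size limits enforced by SetName / SetValue.  A rejected
  // setter call must leave the serialised cookie line exactly as it was.
  EXPECT_FALSE(pc40.SetName(max_name));
  EXPECT_EQ("a=b" + pc40_suffix, pc40.ToCookieLine());
  EXPECT_TRUE(pc40.IsValid());

  EXPECT_FALSE(pc40.SetValue(max_value));
  EXPECT_EQ("a=b" + pc40_suffix, pc40.ToCookieLine());
  EXPECT_TRUE(pc40.IsValid());

  EXPECT_TRUE(pc40.SetName(almost_max_name));
  EXPECT_EQ(almost_max_name + "=b" + pc40_suffix, pc40.ToCookieLine());
  EXPECT_TRUE(pc40.IsValid());

  EXPECT_FALSE(pc40.SetValue("xX"));
  EXPECT_EQ(almost_max_name + "=b" + pc40_suffix, pc40.ToCookieLine());
  EXPECT_TRUE(pc40.IsValid());

  EXPECT_TRUE(pc40.SetName("a"));
  EXPECT_TRUE(pc40.SetValue(almost_max_value));
  EXPECT_EQ("a=" + almost_max_value + pc40_suffix, pc40.ToCookieLine());
  EXPECT_TRUE(pc40.IsValid());

  EXPECT_FALSE(pc40.SetName("xX"));
  EXPECT_EQ("a=" + almost_max_value + pc40_suffix, pc40.ToCookieLine());
  EXPECT_TRUE(pc40.IsValid());

  std::string lots_of_spaces(ParsedCookie::kMaxCookieNamePlusValueSize, ' ');
  std::string test_str = "test";
  std::string padded_test_str = lots_of_spaces + test_str + lots_of_spaces;

  // Ensure that leading/trailing whitespace gets stripped before the length
  // calculations are enforced.
  ParsedCookie pc41("name=value");
  EXPECT_TRUE(pc41.SetName(padded_test_str));
  EXPECT_TRUE(pc41.SetValue(padded_test_str));
  EXPECT_EQ(test_str, pc41.Name());
  EXPECT_EQ(test_str, pc41.Value());

  std::string name_equals_value = "name=value";
  ParsedCookie pc50(name_equals_value);

  EXPECT_TRUE(pc50.SetPath(max_path));
  EXPECT_EQ(pc50.Path(), max_path);
  EXPECT_EQ(name_equals_value + "; path=" + max_path, pc50.ToCookieLine());
  EXPECT_TRUE(pc50.IsValid());

  // Test attribute value size limits enforced by SetPath.  The previous path
  // must survive the rejected call.
  EXPECT_FALSE(pc50.SetPath(too_long_path));
  EXPECT_EQ(pc50.Path(), max_path);
  EXPECT_EQ(name_equals_value + "; path=" + max_path, pc50.ToCookieLine());
  EXPECT_TRUE(pc50.IsValid());

  std::string test_path = "/test";
  std::string padded_test_path = lots_of_spaces + test_path + lots_of_spaces;

  EXPECT_TRUE(pc50.SetPath(padded_test_path));
  EXPECT_EQ(test_path, pc50.Path());

  ParsedCookie pc51(name_equals_value);

  EXPECT_TRUE(pc51.SetDomain(max_domain));
  EXPECT_EQ(pc51.Domain(), max_domain);
  EXPECT_EQ(name_equals_value + "; domain=" + max_domain, pc51.ToCookieLine());
  EXPECT_TRUE(pc51.IsValid());

  // Test attribute value size limits enforced by SetDomain.  The previous
  // domain must survive the rejected call.
  EXPECT_FALSE(pc51.SetDomain(too_long_domain));
  EXPECT_EQ(pc51.Domain(), max_domain);
  EXPECT_EQ(name_equals_value + "; domain=" + max_domain, pc51.ToCookieLine());
  EXPECT_TRUE(pc51.IsValid());

  std::string test_domain = "example.com";
  std::string padded_test_domain =
      lots_of_spaces + test_domain + lots_of_spaces;

  EXPECT_TRUE(pc51.SetDomain(padded_test_domain));
  EXPECT_EQ(test_domain, pc51.Domain());
}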
559 
// A NUL, CR or LF in the middle of a cookie line: the expectations below say
// the value ends at that character and the cookie is still valid.
//
// NOTE(review): the "\0" input is written as a plain string literal.  If the
// constructor takes a std::string (other tests in this file pass it one), the
// conversion from const char* stops at the NUL, so the parser would only ever
// receive "AAA=BB" and the embedded-NUL path would not be exercised by this
// test.  A length-qualified std::string("AAA=BB\0ZYX", 10) would deliver the
// NUL to the parser; confirm the intended result before changing the input.
TEST(ParsedCookieTest, EmbeddedTerminator) {
  ParsedCookie with_nul("AAA=BB\0ZYX");
  ParsedCookie with_cr("AAA=BB\rZYX");
  ParsedCookie with_lf("AAA=BB\nZYX");

  EXPECT_TRUE(with_nul.IsValid());
  EXPECT_EQ("AAA", with_nul.Name());
  EXPECT_EQ("BB", with_nul.Value());

  EXPECT_TRUE(with_cr.IsValid());
  EXPECT_EQ("AAA", with_cr.Name());
  EXPECT_EQ("BB", with_cr.Value());

  EXPECT_TRUE(with_lf.IsValid());
  EXPECT_EQ("AAA", with_lf.Name());
  EXPECT_EQ("BB", with_lf.Value());
}
574 
// Compares ParseTokenString() and ParseValueString() on the same inputs.
// Both stop at LF, CR and ';'; only the token parser also stops at '='.
TEST(ParsedCookieTest, ParseTokensAndValues) {
  // Token parsing.
  EXPECT_EQ("hello", ParsedCookie::ParseTokenString("hello\nworld"));
  EXPECT_EQ("fs!!@", ParsedCookie::ParseTokenString("fs!!@;helloworld"));
  // Interior spaces and tabs are kept; the CR ends the token.
  EXPECT_EQ("hello world\tgood",
            ParsedCookie::ParseTokenString("hello world\tgood\rbye"));
  // A token ends at the first '='.
  EXPECT_EQ("A", ParsedCookie::ParseTokenString("A=B=C;D=E"));

  // Value parsing.
  EXPECT_EQ("hello", ParsedCookie::ParseValueString("hello\nworld"));
  EXPECT_EQ("fs!!@", ParsedCookie::ParseValueString("fs!!@;helloworld"));
  EXPECT_EQ("hello world\tgood",
            ParsedCookie::ParseValueString("hello world\tgood\rbye"));
  // A value may contain '=' and runs up to the ';'.
  EXPECT_EQ("A=B=C", ParsedCookie::ParseValueString("A=B=C;D=E"));
}
587 
// ToCookieLine() writes a normalised line: padding around each pair is
// removed, pairs are joined with "; ", and the empty trailing pair is dropped.
TEST(ParsedCookieTest, SerializeCookieLine) {
  const char kPaddedLine[] =
      "ANCUUID=zohNumRKgI0oxyhSsV3Z7D  ; "
      "expires=Sun, 18-Apr-2027 21:06:29 GMT ; "
      "path=/  ;  priority=low  ;  ";
  const char kNormalisedLine[] =
      "ANCUUID=zohNumRKgI0oxyhSsV3Z7D; "
      "expires=Sun, 18-Apr-2027 21:06:29 GMT; "
      "path=/; priority=low";

  ParsedCookie cookie(kPaddedLine);
  EXPECT_EQ(kNormalisedLine, cookie.ToCookieLine());
}
600 
// Walks SetName() / SetValue() through accepted and rejected inputs.  After
// every rejected call the serialised line must be unchanged and the cookie
// must still be valid.  The steps build on each other, so their order matters.
TEST(ParsedCookieTest, SetNameAndValue) {
  // Changing name and value keeps an attribute that was set earlier.
  ParsedCookie with_domain("a=b");
  EXPECT_TRUE(with_domain.IsValid());
  EXPECT_TRUE(with_domain.SetDomain("foobar.com"));
  EXPECT_TRUE(with_domain.SetName("name"));
  EXPECT_TRUE(with_domain.SetValue("value"));
  EXPECT_EQ("name=value; domain=foobar.com", with_domain.ToCookieLine());
  EXPECT_TRUE(with_domain.IsValid());

  ParsedCookie target("name=value");
  EXPECT_TRUE(target.IsValid());

  // Set invalid name / value: LF, CR and NUL are all refused.
  EXPECT_FALSE(target.SetName("foo\nbar"));
  EXPECT_EQ("name=value", target.ToCookieLine());
  EXPECT_TRUE(target.IsValid());

  EXPECT_FALSE(target.SetName("foo\rbar"));
  EXPECT_EQ("name=value", target.ToCookieLine());
  EXPECT_TRUE(target.IsValid());

  // The explicit length keeps the NUL byte inside the std::string.
  EXPECT_FALSE(target.SetValue(std::string("foo\0bar", 7)));
  EXPECT_EQ("name=value", target.ToCookieLine());
  EXPECT_TRUE(target.IsValid());

  // Set previously invalid name / value: '@', an interior space and an
  // unbalanced quote are accepted now.
  EXPECT_TRUE(target.SetName("@foobar"));
  EXPECT_EQ("@foobar=value", target.ToCookieLine());
  EXPECT_TRUE(target.IsValid());

  EXPECT_TRUE(target.SetName("foo bar"));
  EXPECT_EQ("foo bar=value", target.ToCookieLine());
  EXPECT_TRUE(target.IsValid());

  EXPECT_TRUE(target.SetName("\"foobar"));
  EXPECT_EQ("\"foobar=value", target.ToCookieLine());
  EXPECT_TRUE(target.IsValid());

  EXPECT_TRUE(target.SetValue("foo bar"));
  EXPECT_EQ("\"foobar=foo bar", target.ToCookieLine());
  EXPECT_TRUE(target.IsValid());

  EXPECT_TRUE(target.SetValue("\"foobar"));
  EXPECT_EQ("\"foobar=\"foobar", target.ToCookieLine());
  EXPECT_TRUE(target.IsValid());

  // Surrounding spaces are trimmed rather than rejected.
  EXPECT_TRUE(target.SetName("  foo bar  "));
  EXPECT_EQ("foo bar=\"foobar", target.ToCookieLine());
  EXPECT_TRUE(target.IsValid());

  EXPECT_TRUE(target.SetValue("  foo bar  "));
  EXPECT_EQ("foo bar=foo bar", target.ToCookieLine());
  EXPECT_TRUE(target.IsValid());

  // Set valid name / value.  An empty name is allowed while the value is
  // non-empty, and an empty value while the name is non-empty.
  EXPECT_TRUE(target.SetValue("value"));
  EXPECT_TRUE(target.SetName(std::string()));
  EXPECT_EQ("=value", target.ToCookieLine());
  EXPECT_TRUE(target.IsValid());

  EXPECT_TRUE(target.SetName("test"));
  EXPECT_EQ("test=value", target.ToCookieLine());
  EXPECT_TRUE(target.IsValid());

  EXPECT_TRUE(target.SetValue("\"foobar\""));
  EXPECT_EQ("test=\"foobar\"", target.ToCookieLine());
  EXPECT_TRUE(target.IsValid());

  EXPECT_TRUE(target.SetValue(std::string()));
  EXPECT_EQ("test=", target.ToCookieLine());
  EXPECT_TRUE(target.IsValid());

  // Ensure that failure occurs when trying to set a name containing '='.
  EXPECT_FALSE(target.SetName("invalid=name"));
  EXPECT_EQ("test=", target.ToCookieLine());
  EXPECT_TRUE(target.IsValid());

  // Ensure that trying to set a name or a value containing ';' fails; an
  // accepted ';' would let the setter's input add further pairs to the line.
  EXPECT_FALSE(target.SetName("invalid;name"));
  EXPECT_EQ("test=", target.ToCookieLine());
  EXPECT_TRUE(target.IsValid());

  EXPECT_FALSE(target.SetValue("invalid;value"));
  EXPECT_EQ("test=", target.ToCookieLine());
  EXPECT_TRUE(target.IsValid());

  // Ensure tab characters are treated as control characters.
  // TODO(crbug.com/1233602) Update this such that tab characters are allowed
  // and are handled correctly.
  EXPECT_FALSE(target.SetName("\tinvalid\t"));
  EXPECT_EQ("test=", target.ToCookieLine());
  EXPECT_TRUE(target.IsValid());

  EXPECT_FALSE(target.SetValue("\tinvalid\t"));
  EXPECT_EQ("test=", target.ToCookieLine());
  EXPECT_TRUE(target.IsValid());

  EXPECT_FALSE(target.SetName("na\tme"));
  EXPECT_EQ("test=", target.ToCookieLine());
  EXPECT_TRUE(target.IsValid());

  EXPECT_FALSE(target.SetValue("val\tue"));
  EXPECT_EQ("test=", target.ToCookieLine());
  EXPECT_TRUE(target.IsValid());
}
706 
// Sets, modifies and clears every attribute through the setters and checks
// the accessors and the serialised line after each stage.  The stages build
// on each other, so their order matters.
TEST(ParsedCookieTest, SetAttributes) {
  ParsedCookie cookie("name=value");
  EXPECT_TRUE(cookie.IsValid());

  // Clear an unset attribute: accepted, and nothing changes.
  EXPECT_TRUE(cookie.SetDomain(std::string()));
  EXPECT_FALSE(cookie.HasDomain());
  EXPECT_EQ("name=value", cookie.ToCookieLine());
  EXPECT_TRUE(cookie.IsValid());

  // Set a string containing an invalid character: ';' is refused and the
  // domain stays unset.
  EXPECT_FALSE(cookie.SetDomain("foo;bar"));
  EXPECT_FALSE(cookie.HasDomain());
  EXPECT_EQ("name=value", cookie.ToCookieLine());
  EXPECT_TRUE(cookie.IsValid());

  // Set all other attributes and check that they are appended in order.
  EXPECT_TRUE(cookie.SetDomain("domain.com"));
  EXPECT_TRUE(cookie.SetPath("/"));
  EXPECT_TRUE(cookie.SetExpires("Sun, 18-Apr-2027 21:06:29 GMT"));
  EXPECT_TRUE(cookie.SetMaxAge("12345"));
  EXPECT_TRUE(cookie.SetIsSecure(true));
  // HttpOnly is set twice; the expected line below contains it once.
  EXPECT_TRUE(cookie.SetIsHttpOnly(true));
  EXPECT_TRUE(cookie.SetIsHttpOnly(true));
  EXPECT_TRUE(cookie.SetSameSite("LAX"));
  EXPECT_TRUE(cookie.SetPriority("HIGH"));
  EXPECT_TRUE(cookie.SetIsSameParty(true));
  EXPECT_TRUE(cookie.SetIsPartitioned(true));
  EXPECT_EQ(
      "name=value; domain=domain.com; path=/; "
      "expires=Sun, 18-Apr-2027 21:06:29 GMT; max-age=12345; secure; "
      "httponly; samesite=LAX; priority=HIGH; sameparty; partitioned",
      cookie.ToCookieLine());
  EXPECT_TRUE(cookie.HasDomain());
  EXPECT_TRUE(cookie.HasPath());
  EXPECT_TRUE(cookie.HasExpires());
  EXPECT_TRUE(cookie.HasMaxAge());
  EXPECT_TRUE(cookie.IsSecure());
  EXPECT_TRUE(cookie.IsHttpOnly());
  EXPECT_EQ(CookieSameSite::LAX_MODE, cookie.SameSite());
  EXPECT_EQ(COOKIE_PRIORITY_HIGH, cookie.Priority());
  EXPECT_TRUE(cookie.IsSameParty());

  // Modify one attribute in the middle: it keeps its position in the line and
  // the other attributes are unaffected.
  EXPECT_TRUE(cookie.SetPath("/foo"));
  EXPECT_TRUE(cookie.HasDomain());
  EXPECT_TRUE(cookie.HasPath());
  EXPECT_EQ("/foo", cookie.Path());
  EXPECT_TRUE(cookie.HasExpires());
  EXPECT_TRUE(cookie.IsSecure());
  EXPECT_TRUE(cookie.IsHttpOnly());
  EXPECT_TRUE(cookie.IsSameParty());
  EXPECT_EQ(
      "name=value; domain=domain.com; path=/foo; "
      "expires=Sun, 18-Apr-2027 21:06:29 GMT; max-age=12345; secure; "
      "httponly; samesite=LAX; priority=HIGH; sameparty; partitioned",
      cookie.ToCookieLine());

  // Set priority to medium; the text is serialised as given, in lower case.
  EXPECT_TRUE(cookie.SetPriority("medium"));
  EXPECT_EQ(CookiePriority::COOKIE_PRIORITY_MEDIUM, cookie.Priority());
  EXPECT_EQ(
      "name=value; domain=domain.com; path=/foo; "
      "expires=Sun, 18-Apr-2027 21:06:29 GMT; max-age=12345; secure; "
      "httponly; samesite=LAX; priority=medium; sameparty; partitioned",
      cookie.ToCookieLine());

  // Clear attribute from the end.
  EXPECT_TRUE(cookie.SetIsPartitioned(false));
  EXPECT_FALSE(cookie.IsPartitioned());
  EXPECT_EQ(
      "name=value; domain=domain.com; path=/foo; "
      "expires=Sun, 18-Apr-2027 21:06:29 GMT; max-age=12345; secure; "
      "httponly; samesite=LAX; priority=medium; sameparty",
      cookie.ToCookieLine());

  // Clear the rest and change the name and value.
  EXPECT_TRUE(cookie.SetDomain(std::string()));
  EXPECT_TRUE(cookie.SetPath(std::string()));
  EXPECT_TRUE(cookie.SetExpires(std::string()));
  EXPECT_TRUE(cookie.SetMaxAge(std::string()));
  EXPECT_TRUE(cookie.SetIsSecure(false));
  EXPECT_TRUE(cookie.SetIsHttpOnly(false));
  EXPECT_TRUE(cookie.SetSameSite(std::string()));
  EXPECT_TRUE(cookie.SetName("name2"));
  EXPECT_TRUE(cookie.SetValue("value2"));
  EXPECT_TRUE(cookie.SetPriority(std::string()));
  EXPECT_FALSE(cookie.HasDomain());
  EXPECT_FALSE(cookie.HasPath());
  EXPECT_FALSE(cookie.HasExpires());
  EXPECT_FALSE(cookie.HasMaxAge());
  EXPECT_FALSE(cookie.IsSecure());
  EXPECT_FALSE(cookie.IsHttpOnly());
  EXPECT_EQ(CookieSameSite::UNSPECIFIED, cookie.SameSite());
  // Clearing SameParty, and clearing Partitioned a second time, both succeed.
  EXPECT_TRUE(cookie.SetIsSameParty(false));
  EXPECT_TRUE(cookie.SetIsPartitioned(false));
  EXPECT_EQ("name2=value2", cookie.ToCookieLine());
  EXPECT_FALSE(cookie.IsSameParty());
  EXPECT_FALSE(cookie.IsPartitioned());
}
807 
808 // Setting the domain attribute to the empty string should be valid.
TEST(ParsedCookieTest, EmptyDomainAttributeValid) {
  // "domain=" with nothing after the '=' must not invalidate the cookie line.
  // What Domain() reports for an empty value is checked separately in
  // MultipleDomainAttributes.
  ParsedCookie empty_domain_cookie("name=value; domain=");
  EXPECT_TRUE(empty_domain_cookie.IsValid());
}
813 
814 // Set the domain attribute twice in a cookie line. If the second attribute's
815 // value is empty, it should equal the empty string.
TEST(ParsedCookieTest, MultipleDomainAttributes) {
  // When Domain is repeated, the last occurrence is the one reported.
  ParsedCookie last_domain_wins("name=value; domain=foo.com; domain=bar.com");
  EXPECT_EQ("bar.com", last_domain_wins.Domain());

  // A trailing empty Domain replaces the earlier value instead of being
  // skipped, so Domain() comes back empty rather than "foo.com".
  ParsedCookie empty_domain_wins("name=value; domain=foo.com; domain=");
  const std::string no_domain;
  EXPECT_EQ(no_domain, empty_domain_wins.Domain());
}
822 
TEST(ParsedCookieTest, SetPriority) {
  ParsedCookie cookie("name=value");
  EXPECT_TRUE(cookie.IsValid());

  // Without a Priority attribute the default priority is reported.
  EXPECT_EQ("name=value", cookie.ToCookieLine());
  EXPECT_EQ(COOKIE_PRIORITY_DEFAULT, cookie.Priority());

  // The steps run in order against the same cookie; each call replaces the
  // Priority attribute left by the previous one.
  //  - Recognised values are matched case-insensitively, while the serialized
  //    line keeps the spelling that was passed in.
  //  - Unrecognised values are still written to the line but are interpreted
  //    as COOKIE_PRIORITY_DEFAULT.
  //  - The empty string removes the attribute.
  const struct {
    const char* priority;
    const char* expected_line;
    CookiePriority expected_priority;
  } kSteps[] = {
      {"high", "name=value; priority=high", COOKIE_PRIORITY_HIGH},
      {"mEDium", "name=value; priority=mEDium", COOKIE_PRIORITY_MEDIUM},
      {"LOW", "name=value; priority=LOW", COOKIE_PRIORITY_LOW},
      {"Blah", "name=value; priority=Blah", COOKIE_PRIORITY_DEFAULT},
      {"lowerest", "name=value; priority=lowerest", COOKIE_PRIORITY_DEFAULT},
      {"", "name=value", COOKIE_PRIORITY_DEFAULT},
  };

  for (const auto& step : kSteps) {
    SCOPED_TRACE(step.priority);
    EXPECT_TRUE(cookie.SetPriority(step.priority));
    EXPECT_EQ(step.expected_line, cookie.ToCookieLine());
    EXPECT_EQ(step.expected_priority, cookie.Priority());
  }
}
856 
TEST(ParsedCookieTest, SetSameSite) {
  ParsedCookie cookie("name=value");
  EXPECT_TRUE(cookie.IsValid());

  // Without a SameSite attribute the mode is UNSPECIFIED.
  EXPECT_EQ("name=value", cookie.ToCookieLine());
  EXPECT_EQ(CookieSameSite::UNSPECIFIED, cookie.SameSite());

  // The steps run in order against the same cookie.
  //  - Directives are matched case-insensitively, while the serialized line
  //    keeps the spelling that was passed in.
  //  - The empty string removes the attribute.
  //  - An unrecognised directive stays in the line, leaves the cookie valid
  //    and is reported as UNSPECIFIED; it is not mapped to a known mode.
  const struct {
    const char* samesite;
    const char* expected_line;
    CookieSameSite expected_mode;
  } kSteps[] = {
      {"strict", "name=value; samesite=strict", CookieSameSite::STRICT_MODE},
      {"lAx", "name=value; samesite=lAx", CookieSameSite::LAX_MODE},
      {"LAX", "name=value; samesite=LAX", CookieSameSite::LAX_MODE},
      {"None", "name=value; samesite=None", CookieSameSite::NO_RESTRICTION},
      {"NONE", "name=value; samesite=NONE", CookieSameSite::NO_RESTRICTION},
      {"", "name=value", CookieSameSite::UNSPECIFIED},
      {"Blah", "name=value; samesite=Blah", CookieSameSite::UNSPECIFIED},
  };

  for (const auto& step : kSteps) {
    SCOPED_TRACE(step.samesite);
    EXPECT_TRUE(cookie.SetSameSite(step.samesite));
    EXPECT_EQ(step.expected_line, cookie.ToCookieLine());
    EXPECT_EQ(step.expected_mode, cookie.SameSite());
    EXPECT_TRUE(cookie.IsValid());
  }
}
901 
902 // Test that the correct enum value is returned for the SameSite attribute
903 // string.
TEST(ParsedCookieTest, CookieSameSiteStringEnum) {
  // Seeded with a value that the first lookup has to overwrite.
  CookieSameSiteString samesite_string = CookieSameSiteString::kLax;

  // Attribute present but with no value.
  ParsedCookie cookie("name=value; SameSite");
  EXPECT_EQ(CookieSameSite::UNSPECIFIED, cookie.SameSite(&samesite_string));
  EXPECT_EQ(CookieSameSiteString::kEmptyString, samesite_string);

  // Applied in order to the same cookie. "Extended" and unknown strings both
  // yield the UNSPECIFIED mode; only the string enum tells them apart.
  const struct {
    const char* samesite;
    CookieSameSite expected_mode;
    CookieSameSiteString expected_string;
  } kSteps[] = {
      {"Strict", CookieSameSite::STRICT_MODE, CookieSameSiteString::kStrict},
      {"Lax", CookieSameSite::LAX_MODE, CookieSameSiteString::kLax},
      {"None", CookieSameSite::NO_RESTRICTION, CookieSameSiteString::kNone},
      {"Extended", CookieSameSite::UNSPECIFIED,
       CookieSameSiteString::kExtended},
      {"Bananas", CookieSameSite::UNSPECIFIED,
       CookieSameSiteString::kUnrecognized},
  };
  for (const auto& step : kSteps) {
    SCOPED_TRACE(step.samesite);
    cookie.SetSameSite(step.samesite);
    EXPECT_EQ(step.expected_mode, cookie.SameSite(&samesite_string));
    EXPECT_EQ(step.expected_string, samesite_string);
  }

  // No SameSite attribute at all.
  ParsedCookie no_samesite_cookie("no_samesite=1");
  EXPECT_EQ(CookieSameSite::UNSPECIFIED,
            no_samesite_cookie.SameSite(&samesite_string));
  EXPECT_EQ(CookieSameSiteString::kUnspecified, samesite_string);
}
934 
TEST(ParsedCookieTest, SettersInputValidation) {
  ParsedCookie cookie("name=foobar");

  // Leading and trailing whitespace is trimmed before the value is stored.
  EXPECT_TRUE(cookie.SetPath("baz"));
  EXPECT_EQ(cookie.ToCookieLine(), "name=foobar; path=baz");

  EXPECT_TRUE(cookie.SetPath("  baz "));
  EXPECT_EQ(cookie.ToCookieLine(), "name=foobar; path=baz");

  // A value made only of spaces removes the attribute.
  EXPECT_TRUE(cookie.SetPath("     "));
  EXPECT_EQ(cookie.ToCookieLine(), "name=foobar");

  EXPECT_TRUE(cookie.SetDomain("  baz "));
  EXPECT_EQ(cookie.ToCookieLine(), "name=foobar; domain=baz");

  // Setters refuse values holding a control character (LF, CR, BEL, HT) or
  // the ';' attribute separator. A value containing ';' would otherwise add
  // extra attributes to the serialized line, and CR/LF would end it early.
  const char* const kRejectedPaths[] = {"  baz\n ", "f;oo", "\r", "\a", "\t"};
  for (const char* rejected_path : kRejectedPaths) {
    EXPECT_FALSE(cookie.SetPath(rejected_path));
  }
  EXPECT_FALSE(cookie.SetSameSite("\r"));
}
957 
TEST(ParsedCookieTest, ToCookieLineSpecialTokens) {
  // In the first position of the line "secure", "httponly" and "sameparty"
  // are plain name or value text and set no flag. In any later position they
  // are flag attributes, and a value attached to them is not printed when the
  // line is serialized again.
  const struct {
    const char* input;
    const char* expected_line;
  } kSerializationCases[] = {
      // First position: handled like any other name or value.
      {"secure", "=secure"},
      {"secure=foo", "secure=foo"},
      {"foo=secure", "foo=secure"},
      {"httponly=foo", "httponly=foo"},
      {"sameparty=foo", "sameparty=foo"},
      {"foo=bar; baz=bob", "foo=bar; baz=bob"},
      // Later positions: the flag survives, its value does not.
      {"name=foo; secure", "name=foo; secure"},
      {"name=foo; secure=bar", "name=foo; secure"},
      {"name=foo; httponly=baz", "name=foo; httponly"},
      {"name=foo; sameparty=baz", "name=foo; sameparty"},
      // A special token used as the value of an unrelated attribute is kept.
      {"name=foo; bar=secure", "name=foo; bar=secure"},
  };
  for (const auto& test : kSerializationCases) {
    SCOPED_TRACE(test.input);
    ParsedCookie cookie(test.input);
    EXPECT_EQ(cookie.ToCookieLine(), test.expected_line);
  }

  // Renaming the cookie to a special token keeps it in the first position, so
  // it is still serialized as a name.
  const struct {
    const char* input;
    const char* new_name;
    const char* expected_line;
  } kRenameCases[] = {
      {"", "secure", "secure="},
      {"foo", "secure", "secure=foo"},
      {"bar", "httponly", "httponly=bar"},
  };
  for (const auto& test : kRenameCases) {
    SCOPED_TRACE(test.new_name);
    ParsedCookie cookie(test.input);
    cookie.SetName(test.new_name);
    EXPECT_EQ(cookie.ToCookieLine(), test.expected_line);
  }

  // Repeating a special token is accepted and does not switch on any other
  // flag.
  {
    ParsedCookie repeated_secure(
        "name=foo; secure; secure=yesplease; secure; secure");
    EXPECT_TRUE(repeated_secure.IsValid());
    EXPECT_TRUE(repeated_secure.IsSecure());
    EXPECT_FALSE(repeated_secure.IsHttpOnly());
    EXPECT_FALSE(repeated_secure.IsSameParty());
  }
  // The leading "sameparty" is the nameless cookie's value; the flags come
  // from the later tokens.
  {
    ParsedCookie sameparty_first(
        "sameparty; sameparty; secure; httponly; httponly; secure");
    EXPECT_EQ("", sameparty_first.Name());
    EXPECT_EQ("sameparty", sameparty_first.Value());
    EXPECT_TRUE(sameparty_first.IsSecure());
    EXPECT_TRUE(sameparty_first.IsSameParty());
    EXPECT_TRUE(sameparty_first.IsHttpOnly());
  }

  // "partitioned" follows the same rule: in the first position it is only a
  // name or a value and does not mark the cookie as partitioned.
  const struct {
    const char* input;
    const char* expected_name;
    const char* expected_value;
  } kPartitionedFirstCases[] = {
      {"partitioned=foo", "partitioned", "foo"},
      {"partitioned=", "partitioned", ""},
      {"=partitioned", "", "partitioned"},
  };
  for (const auto& test : kPartitionedFirstCases) {
    SCOPED_TRACE(test.input);
    ParsedCookie cookie(test.input);
    EXPECT_EQ(test.expected_name, cookie.Name());
    EXPECT_EQ(test.expected_value, cookie.Value());
    EXPECT_FALSE(cookie.IsPartitioned());
  }
  {
    ParsedCookie partitioned_first(
        "partitioned; partitioned; secure; httponly; httponly; secure");
    EXPECT_EQ("", partitioned_first.Name());
    EXPECT_EQ("partitioned", partitioned_first.Value());
    EXPECT_TRUE(partitioned_first.IsPartitioned());
  }
}
1064 
TEST(ParsedCookieTest, SameSiteValues) {
  // Every line in the table is expected to parse as valid. An unknown value,
  // a valueless attribute and a missing attribute all map to UNSPECIFIED
  // instead of causing the cookie to be rejected.
  struct SameSiteCase {
    const char* cookie_line;
    bool expect_valid;
    CookieSameSite expected_mode;
  };
  const SameSiteCase kCases[] = {
      {"n=v; samesite=strict", true, CookieSameSite::STRICT_MODE},
      {"n=v; samesite=lax", true, CookieSameSite::LAX_MODE},
      {"n=v; samesite=none", true, CookieSameSite::NO_RESTRICTION},
      {"n=v; samesite=boo", true, CookieSameSite::UNSPECIFIED},
      {"n=v; samesite", true, CookieSameSite::UNSPECIFIED},
      {"n=v", true, CookieSameSite::UNSPECIFIED},
  };

  for (const SameSiteCase& test_case : kCases) {
    SCOPED_TRACE(test_case.cookie_line);
    ParsedCookie parsed(test_case.cookie_line);
    EXPECT_EQ(test_case.expect_valid, parsed.IsValid());
    EXPECT_EQ(test_case.expected_mode, parsed.SameSite());
  }
}
1084 
TEST(ParsedCookieTest, InvalidNonAlphanumericChars) {
  // Every line below carries at least one control character (0x02, 0x05,
  // 0x11, 0x1C) or DEL (0x7F), placed in the cookie name, the cookie value or
  // a later attribute, and must be reported as invalid.
  //
  // The literals are split around each escape so that a following hex digit
  // (the 'b' of "bar", the 'f' of "foobar") is not read as part of it.
  const char* const kInvalidLines[] = {
      // Control character in the cookie value: alone, middle, end, start.
      "name=\x05",
      "name=foo"
      "\x1c"
      "bar",
      "name=foobar"
      "\x11",
      "name=\x02"
      "foobar",

      // Control character in the cookie name: alone, middle, end, start.
      "\x05=value",
      "foo"
      "\x05"
      "bar=value",
      "foobar"
      "\x05"
      "=value",
      "\x05"
      "foobar"
      "=value",

      // Control character in both the name and the value.
      "foo"
      "\x05"
      "bar"
      "=foo"
      "\x05"
      "bar",

      // Control character in a later attribute: its name, its value, both.
      "foo=bar;ba"
      "\x05"
      "z=boo",
      "foo=bar;baz=bo"
      "\x05"
      "o",
      "foo=bar;ba"
      "\05"
      "z=bo"
      "\x05"
      "o",

      // DEL in an attribute name, in the cookie name and after the value.
      "foo=bar;ba"
      "\x7F"
      "z=bo",
      "fo"
      "\x7F"
      "o=bar;"
      "z=bo",
      "foo=bar"
      "\x7F"
      ";z=bo",
  };

  int line_index = 0;
  for (const char* line : kInvalidLines) {
    // Trace by index: the lines themselves hold unprintable bytes.
    SCOPED_TRACE(testing::Message() << "kInvalidLines[" << line_index << "]");
    ParsedCookie cookie(line);
    EXPECT_FALSE(cookie.IsValid());
    ++line_index;
  }
}
1165 
TEST(ParsedCookieTest, ValidNonAlphanumericChars) {
  // Some of the right-to-left words below were pasted backwards because of
  // poor bidi support in the editor. That does not matter here: the test only
  // checks that the bytes survive parsing and serialization unchanged.
  const char* const kNonAsciiValueLines[] = {
      "name=العربية",
      "name=普通話",
      "name=ภาษาไทย",
      "name=עִבְרִית",
  };
  const char* const kNonAsciiOrSymbolNameLines[] = {
      "العربية=value",
      "普通話=value",
      "ภาษาไทย=value",
      "עִבְרִית=value",
      "@foo=bar",
  };

  // Non-ASCII text in the value: valid as parsed, and still valid and
  // unchanged after the value is written back through the setter.
  for (const char* line : kNonAsciiValueLines) {
    SCOPED_TRACE(line);
    ParsedCookie cookie(line);
    EXPECT_TRUE(cookie.IsValid());
    EXPECT_EQ(line, cookie.ToCookieLine());

    EXPECT_TRUE(cookie.SetValue(cookie.Value()));
    EXPECT_EQ(line, cookie.ToCookieLine());
    EXPECT_TRUE(cookie.IsValid());
  }

  // Non-ASCII text or '@' in the name: same checks through SetName().
  for (const char* line : kNonAsciiOrSymbolNameLines) {
    SCOPED_TRACE(line);
    ParsedCookie cookie(line);
    EXPECT_TRUE(cookie.IsValid());
    EXPECT_EQ(line, cookie.ToCookieLine());

    EXPECT_TRUE(cookie.SetName(cookie.Name()));
    EXPECT_EQ(line, cookie.ToCookieLine());
    EXPECT_TRUE(cookie.IsValid());
  }
}
1236 
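TEST(ParsedCookieTest, TruncatingCharInCookieLine) {
  using std::string_literals::operator""s;

  // Place a single control character at the start, in the middle and at the
  // end of a cookie line and check how the parser classifies it. Characters
  // covered: NUL (\x0), CR (\xD), LF (\xA), HT (\x9) and ESC (\x1B). NUL, CR
  // and LF are expected to be reported as truncating (CR under the enum value
  // kTruncatingCharNewline); HT and ESC are not.
  const struct {
    const char ctlChar;
    const TruncatingCharacterInCookieStringType
        expectedTruncatingCharInCookieStringType;
  } kTests[] = {
      {'\x0', TruncatingCharacterInCookieStringType::kTruncatingCharNull},
      {'\xD', TruncatingCharacterInCookieStringType::kTruncatingCharNewline},
      {'\xA', TruncatingCharacterInCookieStringType::kTruncatingCharLineFeed},
      {'\x9', TruncatingCharacterInCookieStringType::kTruncatingCharNone},
      {'\x1B', TruncatingCharacterInCookieStringType::kTruncatingCharNone}};

  for (const auto& test : kTests) {
    // Trace the character code; the character itself is unprintable.
    SCOPED_TRACE(static_cast<int>(test.ctlChar));
    const std::string ctl_string(1, test.ctlChar);

    const std::string ctl_at_start_cookie_string = ctl_string + "foo=bar"s;
    ParsedCookie ctl_at_start_cookie(ctl_at_start_cookie_string);
    EXPECT_EQ(ctl_at_start_cookie.GetTruncatingCharacterInCookieStringType(),
              test.expectedTruncatingCharInCookieStringType);

    // Each cookie is parsed from its own string. Parsing the start-position
    // string again here would leave the middle and end placements untested.
    // The multi-character case below shows that a control character after
    // "foo=bar;" is classified in the same way.
    const std::string ctl_at_middle_cookie_string =
        "foo=bar;"s + ctl_string + "secure"s;
    ParsedCookie ctl_at_middle_cookie(ctl_at_middle_cookie_string);
    EXPECT_EQ(ctl_at_middle_cookie.GetTruncatingCharacterInCookieStringType(),
              test.expectedTruncatingCharInCookieStringType);

    const std::string ctl_at_end_cookie_string =
        "foo=bar;"s + "secure;"s + ctl_string;
    ParsedCookie ctl_at_end_cookie(ctl_at_end_cookie_string);
    EXPECT_EQ(ctl_at_end_cookie.GetTruncatingCharacterInCookieStringType(),
              test.expectedTruncatingCharInCookieStringType);
  }

  // With several truncating characters in a row, the first one (LF here)
  // decides the reported type.
  std::string ctls_cookie_string = "foo=bar;\xA\xD"s;
  ParsedCookie ctls_cookie(ctls_cookie_string);
  EXPECT_EQ(ctls_cookie.GetTruncatingCharacterInCookieStringType(),
            TruncatingCharacterInCookieStringType::kTruncatingCharLineFeed);

  // Test with no control characters.
  std::string cookie_string = "foo=bar;"s;
  ParsedCookie cookie(cookie_string);
  EXPECT_EQ(cookie.GetTruncatingCharacterInCookieStringType(),
            TruncatingCharacterInCookieStringType::kTruncatingCharNone);
}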
1284 
TEST(ParsedCookieTest, HtabInNameOrValue) {
  // HasInternalHtab() is true only when a horizontal tab sits inside the
  // cookie name or value. Tabs at the very start or end of the line do not
  // count.
  const struct {
    const char* line;
    bool expect_internal_htab;
  } kCases[] = {
      {"foo=bar", false},
      {"\tfoo=bar\t", false},
      {"f\too=bar", true},
      {"foo=b\tar", true},
  };

  for (const auto& test : kCases) {
    SCOPED_TRACE(test.line);
    const std::string cookie_line = test.line;
    ParsedCookie cookie(cookie_line);
    EXPECT_EQ(test.expect_internal_htab, cookie.HasInternalHtab());
  }
}
1302 
1303 }  // namespace net