QNetworkCookieJar: do not allow cookies for domains like ".com"

the domain attribute in cookies must always contain one embedded dot, according to RFC 2109 section 4.3.2 Reviewed-by: Thiago Task-number: 251467
author: Peter Hartmann <peter.hartmann@trolltech.com> 2009-04-30 16:59:37 +0200
committer: Peter Hartmann <peter.hartmann@trolltech.com> 2009-05-04 16:26:09 +0200
commit: a5c1161fb6bb2a24cebc104bc2a9b8def0a6e466 (patch)
tree: 2f38ef2b85d0c4d2a4436e9f9660cb1c3731e3b8 /tests/auto/qnetworkcookiejar/tst_qnetworkcookiejar.cpp
parent: 0820be4a16f8213ba02e2a2f9fe5df4d1ec6a818 (diff)
1 files changed, 11 insertions, 0 deletions
diff --git a/tests/auto/qnetworkcookiejar/tst_qnetworkcookiejar.cpp b/tests/auto/qnetworkcookiejar/tst_qnetworkcookiejar.cpp
index e87a3bfc66..7aa1d2414b 100644
--- a/tests/auto/qnetworkcookiejar/tst_qnetworkcookiejar.cpp
+++ b/tests/auto/qnetworkcookiejar/tst_qnetworkcookiejar.cpp
@@ -171,6 +171,17 @@ void tst_QNetworkCookieJar::setCookiesFromUrl_data()
     result.clear();
     result += finalCookie;
     QTest::newRow("defaults-2") << preset << cookie << "http://www.foo.tld" << result << true;
+
+    // security test: do not accept cookie domains like ".com" nor ".com." (see RFC 2109 section 4.3.2)
+    result.clear();
+    preset.clear();
+    cookie.setDomain(".com");
+    QTest::newRow("rfc2109-4.3.2-ex3") << preset << cookie << "http://x.foo.com" << result << false;
+
+    result.clear();
+    preset.clear();
+    cookie.setDomain(".com.");
+    QTest::newRow("rfc2109-4.3.2-ex3-2") << preset << cookie << "http://x.foo.com" << result << false;
 }
 
 void tst_QNetworkCookieJar::setCookiesFromUrl()
author	Peter Hartmann <peter.hartmann@trolltech.com>	2009-04-30 16:59:37 +0200
committer	Peter Hartmann <peter.hartmann@trolltech.com>	2009-05-04 16:26:09 +0200
commit	a5c1161fb6bb2a24cebc104bc2a9b8def0a6e466 (patch)
tree	2f38ef2b85d0c4d2a4436e9f9660cb1c3731e3b8 /tests/auto/qnetworkcookiejar/tst_qnetworkcookiejar.cpp
parent	0820be4a16f8213ba02e2a2f9fe5df4d1ec6a818 (diff)