Diffstat (limited to 'chromium/net/cookies/canonical_cookie_unittest.cc')
-rw-r--r-- | chromium/net/cookies/canonical_cookie_unittest.cc | 125 |
1 files changed, 125 insertions, 0 deletions
diff --git a/chromium/net/cookies/canonical_cookie_unittest.cc b/chromium/net/cookies/canonical_cookie_unittest.cc
index 7d8a0151548..da01a7888dc 100644
--- a/chromium/net/cookies/canonical_cookie_unittest.cc
+++ b/chromium/net/cookies/canonical_cookie_unittest.cc
@@ -2348,6 +2348,18 @@ TEST(CanonicalCookieTest, SecureCookiePrefix) {
 absl::nullopt /* cookie_partition_key */, &status));
 EXPECT_TRUE(status.HasExactlyExclusionReasonsForTesting( {CookieInclusionStatus::EXCLUDE_INVALID_PREFIX}));
+
+ // Hidden __Secure- prefixes should be rejected.
+ EXPECT_FALSE(CanonicalCookie::Create(
+ https_url, "=__Secure-A=B; Secure", creation_time, server_time,
+ absl::nullopt /* cookie_partition_key */, &status));
+ EXPECT_TRUE(status.HasExactlyExclusionReasonsForTesting(
+ {CookieInclusionStatus::EXCLUDE_INVALID_PREFIX}));
+
+ // While tricky, this isn't considered hidden and is fine.
+ EXPECT_TRUE(CanonicalCookie::Create(
+ https_url, "A=__Secure-A=B; Secure", creation_time, server_time,
+ absl::nullopt /* cookie_partition_key */));
 }
 TEST(CanonicalCookieTest, HostCookiePrefix) {
@@ -2432,6 +2444,18 @@ TEST(CanonicalCookieTest, HostCookiePrefix) {
 EXPECT_TRUE(CanonicalCookie::Create( https_url, "__HostA=B; Domain=" + domain + "; Secure;", creation_time, server_time, absl::nullopt /* cookie_partition_key */));
+
+ // Hidden __Host- prefixes should be rejected.
+ EXPECT_FALSE(CanonicalCookie::Create(
+ https_url, "=__Host-A=B; Path=/; Secure;", creation_time, server_time,
+ absl::nullopt /* cookie_partition_key */, &status));
+ EXPECT_TRUE(status.HasExactlyExclusionReasonsForTesting(
+ {CookieInclusionStatus::EXCLUDE_INVALID_PREFIX}));
+
+ // While tricky, this isn't considered hidden and is fine.
+ EXPECT_TRUE(CanonicalCookie::Create(
+ https_url, "A=__Host-A=B; Path=/; Secure;", creation_time, server_time,
+ absl::nullopt /* cookie_partition_key */));
 }
 TEST(CanonicalCookieTest, CanCreateSecureCookiesFromAnyScheme) {
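Review bot: The rejection cases added to SecureCookiePrefix only cover a value where the prefix follows the `=` immediately; nothing checks the end-to-end result when whitespace sits between them, although the TestHasHiddenPrefixName table added in this commit treats leading spaces and tabs in the value as still hidden. Whether the cookie-line parser trims that whitespace before the hidden-prefix check runs is not visible in this hunk, so an `EXPECT_FALSE` on the cookie line `"= __Secure-A=B; Secure"` with the same `EXCLUDE_INVALID_PREFIX` assertion would pin that the two layers agree. The same gap applies to the `__Host-` cases added in the HostCookiePrefix hunk. Both test bodies start outside their hunks.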
@@ -2874,6 +2898,31 @@ TEST(CanonicalCookieTest, IsCanonical) {
 CookiePartitionKey::FromURLForTesting( GURL("https://toplevelsite.com"))) ->IsCanonical());
+
+ // Hidden cookie prefixes.
+ EXPECT_FALSE(CanonicalCookie::CreateUnsafeCookieForTesting(
+ "", "__Secure-a=b", "x.y", "/", base::Time(), base::Time(),
+ base::Time(), true, false, CookieSameSite::NO_RESTRICTION,
+ COOKIE_PRIORITY_LOW, false)
+ ->IsCanonical());
+
+ EXPECT_FALSE(CanonicalCookie::CreateUnsafeCookieForTesting(
+ "", "__Host-a=b", "x.y", "/", base::Time(), base::Time(),
+ base::Time(), true, false, CookieSameSite::NO_RESTRICTION,
+ COOKIE_PRIORITY_LOW, false)
+ ->IsCanonical());
+
+ EXPECT_TRUE(CanonicalCookie::CreateUnsafeCookieForTesting(
+ "a", "__Secure-a=b", "x.y", "/", base::Time(), base::Time(),
+ base::Time(), true, false, CookieSameSite::NO_RESTRICTION,
+ COOKIE_PRIORITY_LOW, false)
+ ->IsCanonical());
+
+ EXPECT_TRUE(CanonicalCookie::CreateUnsafeCookieForTesting(
+ "a", "__Host-a=b", "x.y", "/", base::Time(), base::Time(),
+ base::Time(), true, false, CookieSameSite::NO_RESTRICTION,
+ COOKIE_PRIORITY_LOW, false)
+ ->IsCanonical());
 }
 TEST(CanonicalCookieTest, TestSetCreationDate) {
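Review bot: The two `EXPECT_TRUE` cases added to IsCanonical carry no comment, so a reader has to compare four near-identical argument lists to see that only the name changed from `""` to `"a"`. A line such as `// With a non-empty name the value is ordinary data, not a hidden prefix.` above them would match the "While tricky, ..." comments this commit adds to the other tests. The test body starts outside this hunk.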
@@ -3525,6 +3574,39 @@ TEST(CanonicalCookieTest, CreateSanitizedCookie_Logic) {
 false /*same_party*/, absl::nullopt /*partition_key*/, &status));
 EXPECT_TRUE(status.IsInclude());
+ // Cookies with hidden prefixes should be rejected.
+
+ EXPECT_FALSE(CanonicalCookie::CreateSanitizedCookie(
+ GURL("https://www.foo.com"), "", "__Host-A=B", "", "/", two_hours_ago,
+ one_hour_from_now, one_hour_ago, true, false,
+ CookieSameSite::NO_RESTRICTION, CookiePriority::COOKIE_PRIORITY_DEFAULT,
+ false /*same_party*/, absl::nullopt /*partition_key*/, &status));
+ EXPECT_TRUE(status.HasExactlyExclusionReasonsForTesting(
+ {CookieInclusionStatus::EXCLUDE_INVALID_PREFIX}));
+
+ EXPECT_FALSE(CanonicalCookie::CreateSanitizedCookie(
+ GURL("https://www.foo.com"), "", "__Secure-A=B", "", "/", two_hours_ago,
+ one_hour_from_now, one_hour_ago, true, false,
+ CookieSameSite::NO_RESTRICTION, CookiePriority::COOKIE_PRIORITY_DEFAULT,
+ false /*same_party*/, absl::nullopt /*partition_key*/, &status));
+ EXPECT_TRUE(status.HasExactlyExclusionReasonsForTesting(
+ {CookieInclusionStatus::EXCLUDE_INVALID_PREFIX}));
+
+ // While tricky, this aren't considered hidden prefixes and should succeed.
+ EXPECT_TRUE(CanonicalCookie::CreateSanitizedCookie(
+ GURL("https://www.foo.com"), "A", "__Host-A=B", "", "/", two_hours_ago,
+ one_hour_from_now, one_hour_ago, true, false,
+ CookieSameSite::NO_RESTRICTION, CookiePriority::COOKIE_PRIORITY_DEFAULT,
+ false /*same_party*/, absl::nullopt /*partition_key*/, &status));
+ EXPECT_TRUE(status.IsInclude());
+
+ EXPECT_TRUE(CanonicalCookie::CreateSanitizedCookie(
+ GURL("https://www.foo.com"), "A", "__Secure-A=B", "", "/", two_hours_ago,
+ one_hour_from_now, one_hour_ago, true, false,
+ CookieSameSite::NO_RESTRICTION, CookiePriority::COOKIE_PRIORITY_DEFAULT,
+ false /*same_party*/, absl::nullopt /*partition_key*/, &status));
+ EXPECT_TRUE(status.IsInclude());
+
 // SameParty attribute requires Secure and forbids SameSite=Strict.
 EXPECT_TRUE(CanonicalCookie::CreateSanitizedCookie( GURL("https://www.foo.com"), "A", "B", ".www.foo.com", "/", two_hours_ago,
@@ -5114,4 +5196,47 @@ TEST(CanonicalCookieTest, TestIsCanonicalWithInvalidSizeHistograms) {
 histograms.ExpectBucketCount(kFromStorageWithValidLengthHistogram, kValid, 1);
 }
+TEST(CanonicalCookieTest, TestHasHiddenPrefixName) {
+ const struct {
+ const char* value;
+ bool result;
+ } kTestCases[] = {
+ {"", false},
+ {" ", false},
+ {"foobar=", false},
+ {"foo=bar", false},
+ {" \t ", false},
+ {"\t", false},
+ {"__Secure-abc", false},
+ {"__Secur=e-abc", false},
+ {"__Secureabc", false},
+ {"__Host-abc", false},
+ {"__Hos=t-abc", false},
+ {"_Host", false},
+ {" __Secure-abc", false},
+ {"\t__Host-", false},
+ {"a__Host-abc=123", false},
+ {"a__Secure-abc=123", false},
+ {"__Host-abc=", true},
+ {"__Host-abc=123", true},
+ {" __Host-abc=123", true},
+ {" __Host-abc=", true},
+ {"\t\t\t\t\t__Host-abc=123", true},
+ {"\t __Host-abc=", true},
+ {"__Secure-abc=", true},
+ {"__Secure-abc=123", true},
+ {" __Secure-abc=123", true},
+ {" __Secure-abc=", true},
+ {"\t\t\t\t\t__Secure-abc=123", true},
+ {"\t __Secure-abc=", true},
+ {"__Secure-abc=123=d=4=fg=", true},
+ };
+
+ for (auto test_case : kTestCases) {
+ EXPECT_EQ(CanonicalCookie::HasHiddenPrefixName(test_case.value),
+ test_case.result)
+ << test_case.value << " failed check";
+ }
+}
+
 } // namespace net |
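Review bot: The comment above the accepted cases in CreateSanitizedCookie_Logic has a grammar slip, `// While tricky, this aren't considered hidden prefixes and should succeed.`; it should read `// While tricky, these aren't considered hidden prefixes and should succeed.`. The test body starts and ends outside this hunk.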
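Review bot: Every entry in `kTestCases` spells the prefixes exactly as `__Secure-` and `__Host-`, so the table does not pin what HasHiddenPrefixName returns for other letter cases. The implementation is not part of this file's diff, so the intended result cannot be read off here, but entries for `"__secure-abc=123"` and `"__HOST-abc="` with whichever expected value is intended would document the decision; it matters if a receiving server compares prefixes case-insensitively. Separately, the failure message prints whitespace-only inputs unquoted, so `<< "\"" << test_case.value << "\" failed check"` would make them readable, and `for (const auto& test_case : kTestCases)` avoids the per-iteration copy.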