github.com/slayercat/go@v0.0.0-20170428012452-c51559813f61/src/net/http/cookie_test.go (about) 1 // Copyright 2010 The Go Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style 3 // license that can be found in the LICENSE file. 4 5 package http 6 7 import ( 8 "bytes" 9 "encoding/json" 10 "fmt" 11 "log" 12 "os" 13 "reflect" 14 "strings" 15 "testing" 16 "time" 17 ) 18 19 var writeSetCookiesTests = []struct { 20 Cookie *Cookie 21 Raw string 22 }{ 23 { 24 &Cookie{Name: "cookie-1", Value: "v$1"}, 25 "cookie-1=v$1", 26 }, 27 { 28 &Cookie{Name: "cookie-2", Value: "two", MaxAge: 3600}, 29 "cookie-2=two; Max-Age=3600", 30 }, 31 { 32 &Cookie{Name: "cookie-3", Value: "three", Domain: ".example.com"}, 33 "cookie-3=three; Domain=example.com", 34 }, 35 { 36 &Cookie{Name: "cookie-4", Value: "four", Path: "/restricted/"}, 37 "cookie-4=four; Path=/restricted/", 38 }, 39 { 40 &Cookie{Name: "cookie-5", Value: "five", Domain: "wrong;bad.abc"}, 41 "cookie-5=five", 42 }, 43 { 44 &Cookie{Name: "cookie-6", Value: "six", Domain: "bad-.abc"}, 45 "cookie-6=six", 46 }, 47 { 48 &Cookie{Name: "cookie-7", Value: "seven", Domain: "127.0.0.1"}, 49 "cookie-7=seven; Domain=127.0.0.1", 50 }, 51 { 52 &Cookie{Name: "cookie-8", Value: "eight", Domain: "::1"}, 53 "cookie-8=eight", 54 }, 55 { 56 &Cookie{Name: "cookie-9", Value: "expiring", Expires: time.Unix(1257894000, 0)}, 57 "cookie-9=expiring; Expires=Tue, 10 Nov 2009 23:00:00 GMT", 58 }, 59 // According to IETF 6265 Section 5.1.1.5, the year cannot be less than 1601 60 { 61 &Cookie{Name: "cookie-10", Value: "expiring-1601", Expires: time.Date(1601, 1, 1, 1, 1, 1, 1, time.UTC)}, 62 "cookie-10=expiring-1601; Expires=Mon, 01 Jan 1601 01:01:01 GMT", 63 }, 64 { 65 &Cookie{Name: "cookie-11", Value: "invalid-expiry", Expires: time.Date(1600, 1, 1, 1, 1, 1, 1, time.UTC)}, 66 "cookie-11=invalid-expiry", 67 }, 68 // The "special" cookies have values containing commas or spaces which 69 // are disallowed by RFC 6265 but are common in the wild. 70 { 71 &Cookie{Name: "special-1", Value: "a z"}, 72 `special-1=a z`, 73 }, 74 { 75 &Cookie{Name: "special-2", Value: " z"}, 76 `special-2=" z"`, 77 }, 78 { 79 &Cookie{Name: "special-3", Value: "a "}, 80 `special-3="a "`, 81 }, 82 { 83 &Cookie{Name: "special-4", Value: " "}, 84 `special-4=" "`, 85 }, 86 { 87 &Cookie{Name: "special-5", Value: "a,z"}, 88 `special-5=a,z`, 89 }, 90 { 91 &Cookie{Name: "special-6", Value: ",z"}, 92 `special-6=",z"`, 93 }, 94 { 95 &Cookie{Name: "special-7", Value: "a,"}, 96 `special-7="a,"`, 97 }, 98 { 99 &Cookie{Name: "special-8", Value: ","}, 100 `special-8=","`, 101 }, 102 { 103 &Cookie{Name: "empty-value", Value: ""}, 104 `empty-value=`, 105 }, 106 { 107 nil, 108 ``, 109 }, 110 { 111 &Cookie{Name: ""}, 112 ``, 113 }, 114 { 115 &Cookie{Name: "\t"}, 116 ``, 117 }, 118 } 119 120 func TestWriteSetCookies(t *testing.T) { 121 defer log.SetOutput(os.Stderr) 122 var logbuf bytes.Buffer 123 log.SetOutput(&logbuf) 124 125 for i, tt := range writeSetCookiesTests { 126 if g, e := tt.Cookie.String(), tt.Raw; g != e { 127 t.Errorf("Test %d, expecting:\n%s\nGot:\n%s\n", i, e, g) 128 continue 129 } 130 } 131 132 if got, sub := logbuf.String(), "dropping domain attribute"; !strings.Contains(got, sub) { 133 t.Errorf("Expected substring %q in log output. Got:\n%s", sub, got) 134 } 135 } 136 137 type headerOnlyResponseWriter Header 138 139 func (ho headerOnlyResponseWriter) Header() Header { 140 return Header(ho) 141 } 142 143 func (ho headerOnlyResponseWriter) Write([]byte) (int, error) { 144 panic("NOIMPL") 145 } 146 147 func (ho headerOnlyResponseWriter) WriteHeader(int) { 148 panic("NOIMPL") 149 } 150 151 func TestSetCookie(t *testing.T) { 152 m := make(Header) 153 SetCookie(headerOnlyResponseWriter(m), &Cookie{Name: "cookie-1", Value: "one", Path: "/restricted/"}) 154 SetCookie(headerOnlyResponseWriter(m), &Cookie{Name: "cookie-2", Value: "two", MaxAge: 3600}) 155 if l := len(m["Set-Cookie"]); l != 2 { 156 t.Fatalf("expected %d cookies, got %d", 2, l) 157 } 158 if g, e := m["Set-Cookie"][0], "cookie-1=one; Path=/restricted/"; g != e { 159 t.Errorf("cookie #1: want %q, got %q", e, g) 160 } 161 if g, e := m["Set-Cookie"][1], "cookie-2=two; Max-Age=3600"; g != e { 162 t.Errorf("cookie #2: want %q, got %q", e, g) 163 } 164 } 165 166 var addCookieTests = []struct { 167 Cookies []*Cookie 168 Raw string 169 }{ 170 { 171 []*Cookie{}, 172 "", 173 }, 174 { 175 []*Cookie{{Name: "cookie-1", Value: "v$1"}}, 176 "cookie-1=v$1", 177 }, 178 { 179 []*Cookie{ 180 {Name: "cookie-1", Value: "v$1"}, 181 {Name: "cookie-2", Value: "v$2"}, 182 {Name: "cookie-3", Value: "v$3"}, 183 }, 184 "cookie-1=v$1; cookie-2=v$2; cookie-3=v$3", 185 }, 186 } 187 188 func TestAddCookie(t *testing.T) { 189 for i, tt := range addCookieTests { 190 req, _ := NewRequest("GET", "http://example.com/", nil) 191 for _, c := range tt.Cookies { 192 req.AddCookie(c) 193 } 194 if g := req.Header.Get("Cookie"); g != tt.Raw { 195 t.Errorf("Test %d:\nwant: %s\n got: %s\n", i, tt.Raw, g) 196 continue 197 } 198 } 199 } 200 201 var readSetCookiesTests = []struct { 202 Header Header 203 Cookies []*Cookie 204 }{ 205 { 206 Header{"Set-Cookie": {"Cookie-1=v$1"}}, 207 []*Cookie{{Name: "Cookie-1", Value: "v$1", Raw: "Cookie-1=v$1"}}, 208 }, 209 { 210 Header{"Set-Cookie": {"NID=99=YsDT5i3E-CXax-; expires=Wed, 23-Nov-2011 01:05:03 GMT; path=/; domain=.google.ch; HttpOnly"}}, 211 []*Cookie{{ 212 Name: "NID", 213 Value: "99=YsDT5i3E-CXax-", 214 Path: "/", 215 Domain: ".google.ch", 216 HttpOnly: true, 217 Expires: time.Date(2011, 11, 23, 1, 5, 3, 0, time.UTC), 218 RawExpires: "Wed, 23-Nov-2011 01:05:03 GMT", 219 Raw: "NID=99=YsDT5i3E-CXax-; expires=Wed, 23-Nov-2011 01:05:03 GMT; path=/; domain=.google.ch; HttpOnly", 220 }}, 221 }, 222 { 223 Header{"Set-Cookie": {".ASPXAUTH=7E3AA; expires=Wed, 07-Mar-2012 14:25:06 GMT; path=/; HttpOnly"}}, 224 []*Cookie{{ 225 Name: ".ASPXAUTH", 226 Value: "7E3AA", 227 Path: "/", 228 Expires: time.Date(2012, 3, 7, 14, 25, 6, 0, time.UTC), 229 RawExpires: "Wed, 07-Mar-2012 14:25:06 GMT", 230 HttpOnly: true, 231 Raw: ".ASPXAUTH=7E3AA; expires=Wed, 07-Mar-2012 14:25:06 GMT; path=/; HttpOnly", 232 }}, 233 }, 234 { 235 Header{"Set-Cookie": {"ASP.NET_SessionId=foo; path=/; HttpOnly"}}, 236 []*Cookie{{ 237 Name: "ASP.NET_SessionId", 238 Value: "foo", 239 Path: "/", 240 HttpOnly: true, 241 Raw: "ASP.NET_SessionId=foo; path=/; HttpOnly", 242 }}, 243 }, 244 // Make sure we can properly read back the Set-Cookie headers we create 245 // for values containing spaces or commas: 246 { 247 Header{"Set-Cookie": {`special-1=a z`}}, 248 []*Cookie{{Name: "special-1", Value: "a z", Raw: `special-1=a z`}}, 249 }, 250 { 251 Header{"Set-Cookie": {`special-2=" z"`}}, 252 []*Cookie{{Name: "special-2", Value: " z", Raw: `special-2=" z"`}}, 253 }, 254 { 255 Header{"Set-Cookie": {`special-3="a "`}}, 256 []*Cookie{{Name: "special-3", Value: "a ", Raw: `special-3="a "`}}, 257 }, 258 { 259 Header{"Set-Cookie": {`special-4=" "`}}, 260 []*Cookie{{Name: "special-4", Value: " ", Raw: `special-4=" "`}}, 261 }, 262 { 263 Header{"Set-Cookie": {`special-5=a,z`}}, 264 []*Cookie{{Name: "special-5", Value: "a,z", Raw: `special-5=a,z`}}, 265 }, 266 { 267 Header{"Set-Cookie": {`special-6=",z"`}}, 268 []*Cookie{{Name: "special-6", Value: ",z", Raw: `special-6=",z"`}}, 269 }, 270 { 271 Header{"Set-Cookie": {`special-7=a,`}}, 272 []*Cookie{{Name: "special-7", Value: "a,", Raw: `special-7=a,`}}, 273 }, 274 { 275 Header{"Set-Cookie": {`special-8=","`}}, 276 []*Cookie{{Name: "special-8", Value: ",", Raw: `special-8=","`}}, 277 }, 278 279 // TODO(bradfitz): users have reported seeing this in the 280 // wild, but do browsers handle it? RFC 6265 just says "don't 281 // do that" (section 3) and then never mentions header folding 282 // again. 283 // Header{"Set-Cookie": {"ASP.NET_SessionId=foo; path=/; HttpOnly, .ASPXAUTH=7E3AA; expires=Wed, 07-Mar-2012 14:25:06 GMT; path=/; HttpOnly"}}, 284 } 285 286 func toJSON(v interface{}) string { 287 b, err := json.Marshal(v) 288 if err != nil { 289 return fmt.Sprintf("%#v", v) 290 } 291 return string(b) 292 } 293 294 func TestReadSetCookies(t *testing.T) { 295 for i, tt := range readSetCookiesTests { 296 for n := 0; n < 2; n++ { // to verify readSetCookies doesn't mutate its input 297 c := readSetCookies(tt.Header) 298 if !reflect.DeepEqual(c, tt.Cookies) { 299 t.Errorf("#%d readSetCookies: have\n%s\nwant\n%s\n", i, toJSON(c), toJSON(tt.Cookies)) 300 continue 301 } 302 } 303 } 304 } 305 306 var readCookiesTests = []struct { 307 Header Header 308 Filter string 309 Cookies []*Cookie 310 }{ 311 { 312 Header{"Cookie": {"Cookie-1=v$1", "c2=v2"}}, 313 "", 314 []*Cookie{ 315 {Name: "Cookie-1", Value: "v$1"}, 316 {Name: "c2", Value: "v2"}, 317 }, 318 }, 319 { 320 Header{"Cookie": {"Cookie-1=v$1", "c2=v2"}}, 321 "c2", 322 []*Cookie{ 323 {Name: "c2", Value: "v2"}, 324 }, 325 }, 326 { 327 Header{"Cookie": {"Cookie-1=v$1; c2=v2"}}, 328 "", 329 []*Cookie{ 330 {Name: "Cookie-1", Value: "v$1"}, 331 {Name: "c2", Value: "v2"}, 332 }, 333 }, 334 { 335 Header{"Cookie": {"Cookie-1=v$1; c2=v2"}}, 336 "c2", 337 []*Cookie{ 338 {Name: "c2", Value: "v2"}, 339 }, 340 }, 341 { 342 Header{"Cookie": {`Cookie-1="v$1"; c2="v2"`}}, 343 "", 344 []*Cookie{ 345 {Name: "Cookie-1", Value: "v$1"}, 346 {Name: "c2", Value: "v2"}, 347 }, 348 }, 349 } 350 351 func TestReadCookies(t *testing.T) { 352 for i, tt := range readCookiesTests { 353 for n := 0; n < 2; n++ { // to verify readCookies doesn't mutate its input 354 c := readCookies(tt.Header, tt.Filter) 355 if !reflect.DeepEqual(c, tt.Cookies) { 356 t.Errorf("#%d readCookies:\nhave: %s\nwant: %s\n", i, toJSON(c), toJSON(tt.Cookies)) 357 continue 358 } 359 } 360 } 361 } 362 363 func TestSetCookieDoubleQuotes(t *testing.T) { 364 res := &Response{Header: Header{}} 365 res.Header.Add("Set-Cookie", `quoted0=none; max-age=30`) 366 res.Header.Add("Set-Cookie", `quoted1="cookieValue"; max-age=31`) 367 res.Header.Add("Set-Cookie", `quoted2=cookieAV; max-age="32"`) 368 res.Header.Add("Set-Cookie", `quoted3="both"; max-age="33"`) 369 got := res.Cookies() 370 want := []*Cookie{ 371 {Name: "quoted0", Value: "none", MaxAge: 30}, 372 {Name: "quoted1", Value: "cookieValue", MaxAge: 31}, 373 {Name: "quoted2", Value: "cookieAV"}, 374 {Name: "quoted3", Value: "both"}, 375 } 376 if len(got) != len(want) { 377 t.Fatalf("got %d cookies, want %d", len(got), len(want)) 378 } 379 for i, w := range want { 380 g := got[i] 381 if g.Name != w.Name || g.Value != w.Value || g.MaxAge != w.MaxAge { 382 t.Errorf("cookie #%d:\ngot %v\nwant %v", i, g, w) 383 } 384 } 385 } 386 387 func TestCookieSanitizeValue(t *testing.T) { 388 defer log.SetOutput(os.Stderr) 389 var logbuf bytes.Buffer 390 log.SetOutput(&logbuf) 391 392 tests := []struct { 393 in, want string 394 }{ 395 {"foo", "foo"}, 396 {"foo;bar", "foobar"}, 397 {"foo\\bar", "foobar"}, 398 {"foo\"bar", "foobar"}, 399 {"\x00\x7e\x7f\x80", "\x7e"}, 400 {`"withquotes"`, "withquotes"}, 401 {"a z", "a z"}, 402 {" z", `" z"`}, 403 {"a ", `"a "`}, 404 } 405 for _, tt := range tests { 406 if got := sanitizeCookieValue(tt.in); got != tt.want { 407 t.Errorf("sanitizeCookieValue(%q) = %q; want %q", tt.in, got, tt.want) 408 } 409 } 410 411 if got, sub := logbuf.String(), "dropping invalid bytes"; !strings.Contains(got, sub) { 412 t.Errorf("Expected substring %q in log output. Got:\n%s", sub, got) 413 } 414 } 415 416 func TestCookieSanitizePath(t *testing.T) { 417 defer log.SetOutput(os.Stderr) 418 var logbuf bytes.Buffer 419 log.SetOutput(&logbuf) 420 421 tests := []struct { 422 in, want string 423 }{ 424 {"/path", "/path"}, 425 {"/path with space/", "/path with space/"}, 426 {"/just;no;semicolon\x00orstuff/", "/justnosemicolonorstuff/"}, 427 } 428 for _, tt := range tests { 429 if got := sanitizeCookiePath(tt.in); got != tt.want { 430 t.Errorf("sanitizeCookiePath(%q) = %q; want %q", tt.in, got, tt.want) 431 } 432 } 433 434 if got, sub := logbuf.String(), "dropping invalid bytes"; !strings.Contains(got, sub) { 435 t.Errorf("Expected substring %q in log output. Got:\n%s", sub, got) 436 } 437 } 438 439 func BenchmarkCookieString(b *testing.B) { 440 const wantCookieString = `cookie-9=i3e01nf61b6t23bvfmplnanol3; Path=/restricted/; Domain=example.com; Expires=Tue, 10 Nov 2009 23:00:00 GMT; Max-Age=3600` 441 c := &Cookie{ 442 Name: "cookie-9", 443 Value: "i3e01nf61b6t23bvfmplnanol3", 444 Expires: time.Unix(1257894000, 0), 445 Path: "/restricted/", 446 Domain: ".example.com", 447 MaxAge: 3600, 448 } 449 var benchmarkCookieString string 450 b.ReportAllocs() 451 b.ResetTimer() 452 for i := 0; i < b.N; i++ { 453 benchmarkCookieString = c.String() 454 } 455 if have, want := benchmarkCookieString, wantCookieString; have != want { 456 b.Fatalf("Have: %v Want: %v", have, want) 457 } 458 } 459 460 func BenchmarkReadSetCookies(b *testing.B) { 461 header := Header{ 462 "Set-Cookie": { 463 "NID=99=YsDT5i3E-CXax-; expires=Wed, 23-Nov-2011 01:05:03 GMT; path=/; domain=.google.ch; HttpOnly", 464 ".ASPXAUTH=7E3AA; expires=Wed, 07-Mar-2012 14:25:06 GMT; path=/; HttpOnly", 465 }, 466 } 467 wantCookies := []*Cookie{ 468 { 469 Name: "NID", 470 Value: "99=YsDT5i3E-CXax-", 471 Path: "/", 472 Domain: ".google.ch", 473 HttpOnly: true, 474 Expires: time.Date(2011, 11, 23, 1, 5, 3, 0, time.UTC), 475 RawExpires: "Wed, 23-Nov-2011 01:05:03 GMT", 476 Raw: "NID=99=YsDT5i3E-CXax-; expires=Wed, 23-Nov-2011 01:05:03 GMT; path=/; domain=.google.ch; HttpOnly", 477 }, 478 { 479 Name: ".ASPXAUTH", 480 Value: "7E3AA", 481 Path: "/", 482 Expires: time.Date(2012, 3, 7, 14, 25, 6, 0, time.UTC), 483 RawExpires: "Wed, 07-Mar-2012 14:25:06 GMT", 484 HttpOnly: true, 485 Raw: ".ASPXAUTH=7E3AA; expires=Wed, 07-Mar-2012 14:25:06 GMT; path=/; HttpOnly", 486 }, 487 } 488 var c []*Cookie 489 b.ReportAllocs() 490 b.ResetTimer() 491 for i := 0; i < b.N; i++ { 492 c = readSetCookies(header) 493 } 494 if !reflect.DeepEqual(c, wantCookies) { 495 b.Fatalf("readSetCookies:\nhave: %s\nwant: %s\n", toJSON(c), toJSON(wantCookies)) 496 } 497 } 498 499 func BenchmarkReadCookies(b *testing.B) { 500 header := Header{ 501 "Cookie": { 502 `de=; client_region=0; rpld1=0:hispeed.ch|20:che|21:zh|22:zurich|23:47.36|24:8.53|; rpld0=1:08|; backplane-channel=newspaper.com:1471; devicetype=0; osfam=0; rplmct=2; s_pers=%20s_vmonthnum%3D1472680800496%2526vn%253D1%7C1472680800496%3B%20s_nr%3D1471686767664-New%7C1474278767664%3B%20s_lv%3D1471686767669%7C1566294767669%3B%20s_lv_s%3DFirst%2520Visit%7C1471688567669%3B%20s_monthinvisit%3Dtrue%7C1471688567677%3B%20gvp_p5%3Dsports%253Ablog%253Aearly-lead%2520-%2520184693%2520-%252020160820%2520-%2520u-s%7C1471688567681%3B%20gvp_p51%3Dwp%2520-%2520sports%7C1471688567684%3B; s_sess=%20s_wp_ep%3Dhomepage%3B%20s._ref%3Dhttps%253A%252F%252Fwww.google.ch%252F%3B%20s_cc%3Dtrue%3B%20s_ppvl%3Dsports%25253Ablog%25253Aearly-lead%252520-%252520184693%252520-%25252020160820%252520-%252520u-lawyer%252C12%252C12%252C502%252C1231%252C502%252C1680%252C1050%252C2%252CP%3B%20s_ppv%3Dsports%25253Ablog%25253Aearly-lead%252520-%252520184693%252520-%25252020160820%252520-%252520u-s-lawyer%252C12%252C12%252C502%252C1231%252C502%252C1680%252C1050%252C2%252CP%3B%20s_dslv%3DFirst%2520Visit%3B%20s_sq%3Dwpninewspapercom%253D%252526pid%25253Dsports%2525253Ablog%2525253Aearly-lead%25252520-%25252520184693%25252520-%2525252020160820%25252520-%25252520u-s%252526pidt%25253D1%252526oid%25253Dhttps%2525253A%2525252F%2525252Fwww.newspaper.com%2525252F%2525253Fnid%2525253Dmenu_nav_homepage%252526ot%25253DA%3B`, 503 }, 504 } 505 wantCookies := []*Cookie{ 506 {Name: "de", Value: ""}, 507 {Name: "client_region", Value: "0"}, 508 {Name: "rpld1", Value: "0:hispeed.ch|20:che|21:zh|22:zurich|23:47.36|24:8.53|"}, 509 {Name: "rpld0", Value: "1:08|"}, 510 {Name: "backplane-channel", Value: "newspaper.com:1471"}, 511 {Name: "devicetype", Value: "0"}, 512 {Name: "osfam", Value: "0"}, 513 {Name: "rplmct", Value: "2"}, 514 {Name: "s_pers", Value: "%20s_vmonthnum%3D1472680800496%2526vn%253D1%7C1472680800496%3B%20s_nr%3D1471686767664-New%7C1474278767664%3B%20s_lv%3D1471686767669%7C1566294767669%3B%20s_lv_s%3DFirst%2520Visit%7C1471688567669%3B%20s_monthinvisit%3Dtrue%7C1471688567677%3B%20gvp_p5%3Dsports%253Ablog%253Aearly-lead%2520-%2520184693%2520-%252020160820%2520-%2520u-s%7C1471688567681%3B%20gvp_p51%3Dwp%2520-%2520sports%7C1471688567684%3B"}, 515 {Name: "s_sess", Value: "%20s_wp_ep%3Dhomepage%3B%20s._ref%3Dhttps%253A%252F%252Fwww.google.ch%252F%3B%20s_cc%3Dtrue%3B%20s_ppvl%3Dsports%25253Ablog%25253Aearly-lead%252520-%252520184693%252520-%25252020160820%252520-%252520u-lawyer%252C12%252C12%252C502%252C1231%252C502%252C1680%252C1050%252C2%252CP%3B%20s_ppv%3Dsports%25253Ablog%25253Aearly-lead%252520-%252520184693%252520-%25252020160820%252520-%252520u-s-lawyer%252C12%252C12%252C502%252C1231%252C502%252C1680%252C1050%252C2%252CP%3B%20s_dslv%3DFirst%2520Visit%3B%20s_sq%3Dwpninewspapercom%253D%252526pid%25253Dsports%2525253Ablog%2525253Aearly-lead%25252520-%25252520184693%25252520-%2525252020160820%25252520-%25252520u-s%252526pidt%25253D1%252526oid%25253Dhttps%2525253A%2525252F%2525252Fwww.newspaper.com%2525252F%2525253Fnid%2525253Dmenu_nav_homepage%252526ot%25253DA%3B"}, 516 } 517 var c []*Cookie 518 b.ReportAllocs() 519 b.ResetTimer() 520 for i := 0; i < b.N; i++ { 521 c = readCookies(header, "") 522 } 523 if !reflect.DeepEqual(c, wantCookies) { 524 b.Fatalf("readCookies:\nhave: %s\nwant: %s\n", toJSON(c), toJSON(wantCookies)) 525 } 526 }