Diffstat (limited to 'tests/cookies-test.c')
-rw-r--r-- | tests/cookies-test.c | 179 |
1 files changed, 174 insertions, 5 deletions
diff --git a/tests/cookies-test.c b/tests/cookies-test.c
index 8735964c..d25da0e9 100644
--- a/tests/cookies-test.c
+++ b/tests/cookies-test.c
@@ -101,6 +101,7 @@ do_cookies_subdomain_policy_test (void)
 GSList *cookies;
 SoupURI *uri1;
 SoupURI *uri2;
+ SoupURI *uri3;
 g_test_bug ("792130");
@@ -109,6 +110,7 @@ do_cookies_subdomain_policy_test (void)
 */
 uri1 = soup_uri_new ("https://www.gnome.org");
 uri2 = soup_uri_new ("https://foundation.gnome.org");
+ uri3 = soup_uri_new ("https://www.gnome.org.");
 /* We can't check subdomains with a test server running on
 * localhost, so we'll just check the cookie jar API itself.
@@ -136,16 +138,117 @@ do_cookies_subdomain_policy_test (void)
 g_assert_cmpint (g_slist_length (cookies), ==, 2);
 g_slist_free_full (cookies, (GDestroyNotify)soup_cookie_free);
- /* A leading dot in the domain property should not affect things.
- * This cookie should be accepted. Three cookies in the jar.
+ /* Now some Domain attribute tests.*/
+ soup_cookie_jar_set_accept_policy (jar, SOUP_COOKIE_JAR_ACCEPT_ALWAYS);
+
+ /* The cookie must be rejected if the Domain is not an appropriate
+ * match for the URI. Still two cookies in the jar.
 */
- soup_cookie_jar_set_cookie_with_first_party (jar, uri1, uri1, "4=foo; Domain=.www.gnome.org");
+ soup_cookie_jar_set_cookie (jar, uri1, "4=foo; Domain=gitlab.gnome.org");
+ cookies = soup_cookie_jar_all_cookies (jar);
+ g_assert_cmpint (g_slist_length (cookies), ==, 2);
+ g_slist_free_full (cookies, (GDestroyNotify)soup_cookie_free);
+
+ /* Now the Domain is an appropriate match. Three cookies in the jar. */
+ soup_cookie_jar_set_cookie (jar, uri1, "5=foo; Domain=gnome.org");
 cookies = soup_cookie_jar_all_cookies (jar);
 g_assert_cmpint (g_slist_length (cookies), ==, 3);
 g_slist_free_full (cookies, (GDestroyNotify)soup_cookie_free);
+ /* A leading dot in the domain property should not affect things.
+ * This cookie should be accepted. Four cookies in the jar.
+ */
+ soup_cookie_jar_set_cookie (jar, uri1, "6=foo; Domain=.www.gnome.org");
+ cookies = soup_cookie_jar_all_cookies (jar);
+ g_assert_cmpint (g_slist_length (cookies), ==, 4);
+ g_slist_free_full (cookies, (GDestroyNotify)soup_cookie_free);
+
+ /* The cookie must be rejected if the Domain ends in a trailing dot
+ * but the uri doesn't.
+ */
+ soup_cookie_jar_set_cookie (jar, uri1, "7=foo; Domain=www.gnome.org.");
+ cookies = soup_cookie_jar_all_cookies (jar);
+ g_assert_cmpint (g_slist_length (cookies), ==, 4);
+ g_slist_free_full (cookies, (GDestroyNotify)soup_cookie_free);
+
+ /* The cookie should be accepted if both Domain and URI end with a trailing
+ * dot and they are a match. Five cookies in the jar.
+ */
+ soup_cookie_jar_set_cookie (jar, uri3, "8=foo; Domain=gnome.org.");
+ cookies = soup_cookie_jar_all_cookies (jar);
+ g_assert_cmpint (g_slist_length (cookies), ==, 5);
+ g_slist_free_full (cookies, (GDestroyNotify)soup_cookie_free);
+
+ /* The cookie should be rejected if URI has trailing dot but Domain doesn't.
+ * Five cookies in the jar.
+ */
+ soup_cookie_jar_set_cookie (jar, uri3, "9=foo; Domain=gnome.org");
+ cookies = soup_cookie_jar_all_cookies (jar);
+ g_assert_cmpint (g_slist_length (cookies), ==, 5);
+ g_slist_free_full (cookies, (GDestroyNotify)soup_cookie_free);
+
+ /* It should not be possible to set a cookie for a TLD. Still five
+ * cookies in the jar.
+ */
+ soup_cookie_jar_set_cookie (jar, uri1, "10=foo; Domain=.org");
+ cookies = soup_cookie_jar_all_cookies (jar);
+ g_assert_cmpint (g_slist_length (cookies), ==, 5);
+ g_slist_free_full (cookies, (GDestroyNotify)soup_cookie_free);
+
+ /* It should still not be possible to set a cookie for a TLD, even if
+ * we are tricksy and have a trailing dot. Still only five cookies.
+ */
+ soup_cookie_jar_set_cookie (jar, uri3, "11=foo; Domain=.org.");
+ cookies = soup_cookie_jar_all_cookies (jar);
+ g_assert_cmpint (g_slist_length (cookies), ==, 5);
+ g_slist_free_full (cookies, (GDestroyNotify)soup_cookie_free);
+
 soup_uri_free (uri1);
 soup_uri_free (uri2);
+ soup_uri_free (uri3);
+ g_object_unref (jar);
+}
+
+static void
+do_cookies_strict_secure_test (void)
+{
+ SoupCookieJar *jar;
+ GSList *cookies;
+ SoupURI *insecure_uri;
+ SoupURI *secure_uri;
+
+ insecure_uri = soup_uri_new ("http://gnome.org");
+ secure_uri = soup_uri_new ("https://gnome.org");
+ jar = soup_cookie_jar_new ();
+
+ /* Set a cookie from secure origin */
+ soup_cookie_jar_set_cookie (jar, secure_uri, "1=foo; secure");
+ cookies = soup_cookie_jar_all_cookies (jar);
+ g_assert_cmpint (g_slist_length (cookies), ==, 1);
+ g_assert_cmpstr (soup_cookie_get_value(cookies->data), ==, "foo");
+ g_slist_free_full (cookies, (GDestroyNotify)soup_cookie_free);
+
+ /* Do not allow an insecure origin to overwrite a secure cookie */
+ soup_cookie_jar_set_cookie (jar, insecure_uri, "1=bar");
+ cookies = soup_cookie_jar_all_cookies (jar);
+ g_assert_cmpint (g_slist_length (cookies), ==, 1);
+ g_assert_cmpstr (soup_cookie_get_value(cookies->data), ==, "foo");
+ g_slist_free_full (cookies, (GDestroyNotify)soup_cookie_free);
+
+ /* Secure can only be set by from secure origin */
+ soup_cookie_jar_set_cookie (jar, insecure_uri, "2=foo; secure");
+ cookies = soup_cookie_jar_all_cookies (jar);
+ g_assert_cmpint (g_slist_length (cookies), ==, 1);
+ g_slist_free_full (cookies, (GDestroyNotify)soup_cookie_free);
+
+ /* But we can make one for another path */
+ soup_cookie_jar_set_cookie (jar, insecure_uri, "1=foo; path=/foo");
+ cookies = soup_cookie_jar_all_cookies (jar);
+ g_assert_cmpint (g_slist_length (cookies), ==, 2);
+ g_slist_free_full (cookies, (GDestroyNotify)soup_cookie_free);
+
+ soup_uri_free (insecure_uri);
+ soup_uri_free (secure_uri);
 g_object_unref (jar);
 }
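Review bot: The last case of `do_cookies_strict_secure_test` checks only that the jar grows to two entries after the insecure origin sets `1=foo; path=/foo`, so it pins acceptance of a same-name cookie on a narrower path without verifying that the Secure `1=foo` stored from `secure_uri` is still present and unchanged. As I read the cookie-storage rules in RFC 6265bis, a non-Secure cookie is meant to be ignored when its path path-matches that of an existing Secure cookie of the same name, and `/foo` would match a default path of `/`, so the comment should say which rule the jar deliberately follows, e.g. `/* Same name on a different path is stored as a separate entry and must not replace the Secure cookie */`. The case would be stronger if it walked the returned list and asserted the value, path and secure flag of both entries rather than the count alone. `do_cookies_strict_secure_test` is complete within this hunk; `do_cookies_subdomain_policy_test` starts outside it.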
@@ -175,13 +278,13 @@ do_cookies_parsing_test (void)
 msg = soup_message_new_from_uri ("GET", first_party_uri);
 soup_message_headers_append (msg->request_headers, "Echo-Set-Cookie",
- "two=2; HttpOnly; max-age=100");
+ "two=2; HttpOnly; max-age=100; SameSite=Invalid");
 soup_session_send_message (session, msg);
 g_object_unref (msg);
 msg = soup_message_new_from_uri ("GET", first_party_uri);
 soup_message_headers_append (msg->request_headers, "Echo-Set-Cookie",
- "three=3; httpONLY=Wednesday; max-age=100");
+ "three=3; httpONLY=Wednesday; max-age=100; SameSite=Lax");
 soup_session_send_message (session, msg);
 g_object_unref (msg);
@@ -199,10 +302,12 @@ do_cookies_parsing_test (void)
 got2 = TRUE;
 g_assert_true (soup_cookie_get_http_only (cookie));
 g_assert_true (soup_cookie_get_expires (cookie) != NULL);
+ g_assert_cmpint (soup_cookie_get_same_site_policy (cookie), ==, SOUP_SAME_SITE_POLICY_NONE);
 } else if (!strcmp (soup_cookie_get_name (cookie), "three")) {
 got3 = TRUE;
 g_assert_true (soup_cookie_get_http_only (cookie));
 g_assert_true (soup_cookie_get_expires (cookie) != NULL);
+ g_assert_cmpint (soup_cookie_get_same_site_policy (cookie), ==, SOUP_SAME_SITE_POLICY_LAX);
 } else {
 soup_test_assert (FALSE, "got unexpected cookie '%s'", soup_cookie_get_name (cookie));
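Review bot: The new assertion for cookie `two` pins `SameSite=Invalid` to `SOUP_SAME_SITE_POLICY_NONE` without saying that falling back to the least restrictive policy on an unrecognised value is intended; presumably this is the same value a cookie with no SameSite attribute gets, which the test does not show. A comment above the assertion such as `/* Unrecognised SameSite values are ignored, so the policy stays NONE */` would record the decision for whoever later tightens the default. Coverage is also limited to `Lax`: a further echoed cookie with `SameSite=Strict` checked against `SOUP_SAME_SITE_POLICY_STRICT` would exercise the remaining parser branch. The loop these assertions sit in starts and ends outside the hunk.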
@@ -219,6 +324,66 @@ do_cookies_parsing_test (void)
 soup_test_session_abort_unref (session);
 }
+static void
+do_cookies_parsing_nopath_nullorigin (void)
+{
+ SoupCookie *cookie = soup_cookie_parse ("NAME=Value", NULL);
+ g_assert_nonnull (cookie);
+ g_assert_cmpstr ("/", ==, soup_cookie_get_path (cookie));
+ soup_cookie_free (cookie);
+}
+
+static void
+do_get_cookies_empty_host_test (void)
+{
+ SoupCookieJar *jar;
+ SoupURI *uri;
+ char *cookies;
+
+ jar = soup_cookie_jar_new ();
+ uri = soup_uri_new ("file:///whatever.html");
+
+ cookies = soup_cookie_jar_get_cookies (jar, uri, FALSE);
+
+ g_assert_null (cookies);
+
+ g_object_unref (jar);
+ soup_uri_free (uri);
+}
+
+static void
+send_callback (GObject *source_object,
+ GAsyncResult *res,
+ GMainLoop *loop)
+{
+ g_main_loop_quit (loop);
+}
+
+static void
+do_remove_feature_test (void)
+{
+ SoupSession *session;
+ SoupMessage *msg;
+ SoupURI *uri;
+ GMainLoop *loop;
+
+ session = soup_test_session_new (SOUP_TYPE_SESSION, NULL);
+ soup_session_add_feature_by_type (session, SOUP_TYPE_COOKIE_JAR);
+ uri = soup_uri_new_with_base (first_party_uri, "/index.html");
+ msg = soup_message_new_from_uri ("GET", uri);
+ soup_message_set_first_party (msg, first_party_uri);
+
+ loop = g_main_loop_new (NULL, TRUE);
+ soup_session_send_async (session, msg, NULL, (GAsyncReadyCallback)send_callback, loop);
+ soup_session_remove_feature_by_type (session, SOUP_TYPE_COOKIE_JAR);
+
+ g_main_loop_run(loop);
+
+ g_main_loop_unref (loop);
+ g_object_unref (msg);
+ soup_uri_free (uri);
+}
+
 int
 main (int argc, char **argv)
 {
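Review bot: `do_remove_feature_test` never releases `session`: `loop`, `msg` and `uri` are freed at the end, but the `SoupSession` from `soup_test_session_new` is not, whereas `do_cookies_parsing_test` just above ends with `soup_test_session_abort_unref (session);`. Adding that call after `g_main_loop_unref (loop);` keeps the test clean under leak and address checkers, which matters because the test appears to guard an object-lifetime problem when the cookie jar feature is removed while a request is in flight. `send_callback` also ignores `res`, so the result of `soup_session_send_async` is never collected; calling `soup_session_send_finish` there and releasing the returned stream would let the test fail on an error and not only on a crash. A short comment above `soup_session_remove_feature_by_type` stating that the removal is deliberately issued before the request completes would make the intent clear.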
@@ -239,6 +404,10 @@ main (int argc, char **argv)
 g_test_add_func ("/cookies/accept-policy", do_cookies_accept_policy_test);
 g_test_add_func ("/cookies/accept-policy-subdomains", do_cookies_subdomain_policy_test);
 g_test_add_func ("/cookies/parsing", do_cookies_parsing_test);
+ g_test_add_func ("/cookies/parsing/no-path-null-origin", do_cookies_parsing_nopath_nullorigin);
+ g_test_add_func ("/cookies/get-cookies/empty-host", do_get_cookies_empty_host_test);
+ g_test_add_func ("/cookies/remove-feature", do_remove_feature_test);
+ g_test_add_func ("/cookies/secure-cookies", do_cookies_strict_secure_test);
 ret = g_test_run (); |