Author: markt
Date: Wed May 21 12:20:23 2014
New Revision: 1596551
URL: http://svn.apache.org/r1596551
Log:
Apply patch 02 from jboynes to improve cookie handling.
Refactor cookie tests to test each CookieNameValidator directly.
I made a few additional changes.
The patch should be safe since it only impacts the unit tests.
Added:
tomcat/trunk/test/javax/servlet/http/TestCookieNetscapeValidator.java
(with props)
tomcat/trunk/test/javax/servlet/http/TestCookieRFC2109Validator.java
(with props)
Modified:
tomcat/trunk/test/javax/servlet/http/TestCookie.java
tomcat/trunk/test/javax/servlet/http/TestCookieStrict.java
Modified: tomcat/trunk/test/javax/servlet/http/TestCookie.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/test/javax/servlet/http/TestCookie.java?rev=1596551&r1=1596550&r2=1596551&view=diff
==============================================================================
--- tomcat/trunk/test/javax/servlet/http/TestCookie.java (original)
+++ tomcat/trunk/test/javax/servlet/http/TestCookie.java Wed May 21 12:20:23
2014
@@ -30,8 +30,6 @@ public class TestCookie {
public static final BitSet SEPARATORS;
public static final BitSet TOKEN; // 1*<any CHAR except CTLs or separators>
- public static final BitSet NETSCAPE_NAME; // "any character except comma,
semicolon and whitespace"
-
static {
CHAR = new BitSet(256);
CHAR.set(0, 128);
@@ -49,13 +47,6 @@ public class TestCookie {
TOKEN.or(CHAR); // any CHAR
TOKEN.andNot(CTL); // except CTLs
TOKEN.andNot(SEPARATORS); // or separators
-
- NETSCAPE_NAME = new BitSet(256);
- NETSCAPE_NAME.or(CHAR);
- NETSCAPE_NAME.andNot(CTL);
- NETSCAPE_NAME.clear(';');
- NETSCAPE_NAME.clear(',');
- NETSCAPE_NAME.clear(' ');
}
@Test
@@ -75,10 +66,6 @@ public class TestCookie {
Assert.assertEquals(0, cookie.getVersion());
}
- @Test
- public void actualCharactersAllowedInName() {
- checkCharInName(NETSCAPE_NAME);
- }
@Test(expected = IllegalArgumentException.class)
public void leadingDollar() {
@@ -140,20 +127,27 @@ public class TestCookie {
Assert.assertEquals("HttpOnly", cookie.getName());
}
- public static void checkCharInName(BitSet allowed) {
+ @Test
+ public void strictNamingImpliesRFC2109() {
+ // Not using strict naming here so this should be OK
+ @SuppressWarnings("unused")
+ Cookie cookie = new Cookie("@Foo", null);
+ }
+
+ public static void checkCharInName(CookieNameValidator validator, BitSet
allowed) {
for (char ch = 0; ch < allowed.size(); ch++) {
- Boolean expected = Boolean.valueOf(allowed.get(ch));
+ boolean expected = allowed.get(ch);
String name = "X" + ch + "X";
- Boolean actual;
try {
- @SuppressWarnings("unused")
- Cookie c = new Cookie(name, null);
- actual = Boolean.TRUE;
+ validator.validate(name);
+ if (!expected) {
+ Assert.fail(String.format("Char %d should not be allowed",
Integer.valueOf(ch)));
+ }
} catch (IllegalArgumentException e) {
- actual = Boolean.FALSE;
+ if (expected) {
+ Assert.fail(String.format("Char %d should be allowed",
Integer.valueOf(ch)));
+ }
}
- String msg = String.format("Check for char %d in name",
Integer.valueOf(ch));
- Assert.assertEquals(msg, expected, actual);
}
}
}
Added: tomcat/trunk/test/javax/servlet/http/TestCookieNetscapeValidator.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/test/javax/servlet/http/TestCookieNetscapeValidator.java?rev=1596551&view=auto
==============================================================================
--- tomcat/trunk/test/javax/servlet/http/TestCookieNetscapeValidator.java
(added)
+++ tomcat/trunk/test/javax/servlet/http/TestCookieNetscapeValidator.java Wed
May 21 12:20:23 2014
@@ -0,0 +1,41 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package javax.servlet.http;
+
+import java.util.BitSet;
+
+import org.junit.Test;
+
+/**
+ * Basic tests for Cookie in default configuration.
+ */
+public class TestCookieNetscapeValidator {
+
+ private NetscapeValidator validator = new NetscapeValidator();
+
+ @Test
+ public void actualCharactersAllowedInName() {
+ // "any character except comma, semicolon and whitespace"
+ BitSet allowed = new BitSet(256);
+ allowed.or(TestCookie.CHAR);
+ allowed.andNot(TestCookie.CTL);
+ allowed.clear(';');
+ allowed.clear(',');
+ allowed.clear(' ');
+ TestCookie.checkCharInName(validator, allowed);
+ }
+}
Propchange:
tomcat/trunk/test/javax/servlet/http/TestCookieNetscapeValidator.java
------------------------------------------------------------------------------
svn:eol-style = native
Added: tomcat/trunk/test/javax/servlet/http/TestCookieRFC2109Validator.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/test/javax/servlet/http/TestCookieRFC2109Validator.java?rev=1596551&view=auto
==============================================================================
--- tomcat/trunk/test/javax/servlet/http/TestCookieRFC2109Validator.java (added)
+++ tomcat/trunk/test/javax/servlet/http/TestCookieRFC2109Validator.java Wed
May 21 12:20:23 2014
@@ -0,0 +1,35 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package javax.servlet.http;
+
+import org.junit.Test;
+
+/**
+ * Basic tests for Cookie in default configuration.
+ */
+public class TestCookieRFC2109Validator {
+ static {
+
System.setProperty("org.apache.tomcat.util.http.ServerCookie.FWD_SLASH_IS_SEPARATOR",
"true");
+ }
+
+ private RFC2109Validator validator = new RFC2109Validator();
+
+ @Test
+ public void actualCharactersAllowedInName() {
+ TestCookie.checkCharInName(validator, TestCookie.TOKEN);
+ }
+}
Propchange: tomcat/trunk/test/javax/servlet/http/TestCookieRFC2109Validator.java
------------------------------------------------------------------------------
svn:eol-style = native
Modified: tomcat/trunk/test/javax/servlet/http/TestCookieStrict.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/test/javax/servlet/http/TestCookieStrict.java?rev=1596551&r1=1596550&r2=1596551&view=diff
==============================================================================
--- tomcat/trunk/test/javax/servlet/http/TestCookieStrict.java (original)
+++ tomcat/trunk/test/javax/servlet/http/TestCookieStrict.java Wed May 21
12:20:23 2014
@@ -25,7 +25,6 @@ import org.junit.Test;
public class TestCookieStrict {
static {
System.setProperty("org.apache.tomcat.util.http.ServerCookie.STRICT_NAMING",
"true");
-
System.setProperty("org.apache.tomcat.util.http.ServerCookie.FWD_SLASH_IS_SEPARATOR",
"true");
}
@Test
@@ -37,8 +36,9 @@ public class TestCookieStrict {
Assert.assertEquals(-1, cookie.getMaxAge());
}
- @Test
- public void actualCharactersAllowedInName() {
- TestCookie.checkCharInName(TestCookie.TOKEN);
+ @Test(expected = IllegalArgumentException.class)
+ public void strictNamingImpliesRFC2109() {
+ @SuppressWarnings("unused")
+ Cookie cookie = new Cookie("@Foo", null);
}
}
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
