[issue23138] cookiejar parses cookie value as int with empty name-value pair and Expires

2015-03-13 Thread Roundup Robot 

Roundup Robot added the comment:

New changeset 44c1c0cbdc06 by Serhiy Storchaka in branch '2.7':
Issue #23138: Fixed parsing cookies with absent keys or values in cookiejar.
https://hg.python.org/cpython/rev/44c1c0cbdc06

New changeset c1abcbcfefab by Serhiy Storchaka in branch '3.4':
Issue #23138: Fixed parsing cookies with absent keys or values in cookiejar.
https://hg.python.org/cpython/rev/c1abcbcfefab

New changeset 7cc7c794d1cb by Serhiy Storchaka in branch 'default':
Issue #23138: Fixed parsing cookies with absent keys or values in cookiejar.
https://hg.python.org/cpython/rev/7cc7c794d1cb

--
nosy: +python-dev

___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue23138
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue23138] cookiejar parses cookie value as int with empty name-value pair and Expires

2015-03-13 Thread Serhiy Storchaka 

Serhiy Storchaka added the comment:

As side effect the parsing is now twice faster.

$ ./python -m timeit -s from http.cookiejar import parse_ns_headers -- 
parse_ns_headers('foo=bar; Expires=Thu, 01 Jan 1970 00:00:10 GMT')
Before: 1000 loops, best of 3: 976 usec per loop
After:  1000 loops, best of 3: 537 usec per loop

--
resolution:  - fixed
stage: commit review - resolved
status: open - closed

___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue23138
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue23138] cookiejar parses cookie value as int with empty name-value pair and Expires

2015-03-13 Thread Serhiy Storchaka 

Serhiy Storchaka added the comment:

Oh, this was incorrect example. The correct one is:

$ ./python -m timeit -s from http.cookiejar import parse_ns_headers -- 
parse_ns_headers(['foo=bar; path=/; version=1; Expires=Thu, 01 Jan 1970 
00:00:10 GMT'])
Before: 1 loops, best of 3: 177 usec per loop
After:  1 loops, best of 3: 104 usec per loop

--

___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue23138
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue23138] cookiejar parses cookie value as int with empty name-value pair and Expires

2015-03-12 Thread Demian Brecht 

Changes by Demian Brecht demianbre...@gmail.com:


Added file: http://bugs.python.org/file38464/issue23138_2.patch

___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue23138
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue23138] cookiejar parses cookie value as int with empty name-value pair and Expires

2015-03-10 Thread Demian Brecht 

Changes by Demian Brecht demianbre...@gmail.com:


--
stage: patch review - commit review

___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue23138
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue23138] cookiejar parses cookie value as int with empty name-value pair and Expires

2015-03-10 Thread Serhiy Storchaka 

Serhiy Storchaka added the comment:

This looks reasonable.

--

___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue23138
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue23138] cookiejar parses cookie value as int with empty name-value pair and Expires

2015-03-09 Thread Serhiy Storchaka 

Serhiy Storchaka added the comment:

I think that for consistency either parse empty name-value pair as key=, 
value=None, or ignore all non-conformed cases. For backward compatibility I 
prefer first way.

--

___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue23138
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue23138] cookiejar parses cookie value as int with empty name-value pair and Expires

2015-03-09 Thread Demian Brecht 

Demian Brecht added the comment:

I agree that the current implementation doesn't conform to standards, but do 
you think those cases are worth fixing as they can potentially break backwards 
compatibility? I think that the reported case makes sense to fix as the 
name/value pair are entirely unexpected. However, the current behaviour is 
logical for the cases that you've pointed out.

--

___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue23138
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue23138] cookiejar parses cookie value as int with empty name-value pair and Expires

2015-03-09 Thread Demian Brecht 

Changes by Demian Brecht demianbre...@gmail.com:


Removed file: http://bugs.python.org/file38262/issue23138_27.patch

___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue23138
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue23138] cookiejar parses cookie value as int with empty name-value pair and Expires

2015-03-09 Thread Demian Brecht 

Changes by Demian Brecht demianbre...@gmail.com:


Removed file: http://bugs.python.org/file38261/issue23138_34.patch

___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue23138
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue23138] cookiejar parses cookie value as int with empty name-value pair and Expires

2015-03-09 Thread Demian Brecht 

Demian Brecht added the comment:

 I think that for consistency either parse empty name-value pair as key=, 
 value=None

There is already a test present 
(https://hg.python.org/cpython/file/0469af231d22/Lib/test/test_http_cookiejar.py#l1084)
 that ensures an unset name/value pair is ignored altogether, so I don't think 
that makes sense from a backwards compatibility standpoint. For consistency, I 
kept the functionality where nameless cookies are ignored (i.e. =foo). I 
think that while it may be breaking backwards compatibility for buggy edge 
cases, it's more consistent with existing functionality and actually conforms 
to the RFC. That said, I'm not going to argue over it heatedly, so if you'd 
still rather see those cases permitted, let me know and I'll change it.

Valueless cookies are still permitted to keep backwards compatible as there are 
existing tests for that.

--
Added file: http://bugs.python.org/file38416/issue23138_1.patch

___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue23138
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue23138] cookiejar parses cookie value as int with empty name-value pair and Expires

2015-03-07 Thread Serhiy Storchaka 

Serhiy Storchaka added the comment:

According to RFC 6265, Section 5.2:

   2.  If the name-value-pair string lacks a %x3D (=) character,
   ignore the set-cookie-string entirely.

But Set-Cookie: spam; Expires=Thu, 01 Jan 1970 00:00:10 GMT is accepted. 
key=spam, value=None.

   5.  If the name string is empty, ignore the set-cookie-string
   entirely.

But Set-Cookie: =spam; Expires=Thu, 01 Jan 1970 00:00:10 GMT is accepted. 
key=, value=spam.

--

___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue23138
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue23138] cookiejar parses cookie value as int with empty name-value pair and Expires

2015-03-07 Thread Serhiy Storchaka 

Changes by Serhiy Storchaka storch...@gmail.com:


--
assignee:  - serhiy.storchaka
nosy: +serhiy.storchaka

___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue23138
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue23138] cookiejar parses cookie value as int with empty name-value pair and Expires

2015-02-27 Thread Berker Peksag 

Changes by Berker Peksag berker.pek...@gmail.com:


--
nosy: +berker.peksag

___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue23138
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue23138] cookiejar parses cookie value as int with empty name-value pair and Expires

2015-02-27 Thread Demian Brecht 

Demian Brecht added the comment:

Attached is a fix that ignores the entire invalid cookie as defined in RFC 
6265, Section 5.2. I'm also attaching patches for maintenance branches as it's 
a valid bug (NAME=VALUE pairs are required across all RFCs), although it would 
break backwards compatibility if the user was expecting invalid behaviour.

--
keywords: +easy, patch
stage:  - patch review
Added file: http://bugs.python.org/file38260/issue23138_tip.patch

___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue23138
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue23138] cookiejar parses cookie value as int with empty name-value pair and Expires

2015-02-27 Thread Demian Brecht 

Changes by Demian Brecht demianbre...@gmail.com:


Added file: http://bugs.python.org/file38262/issue23138_27.patch

___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue23138
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue23138] cookiejar parses cookie value as int with empty name-value pair and Expires

2015-02-27 Thread Demian Brecht 

Changes by Demian Brecht demianbre...@gmail.com:


Added file: http://bugs.python.org/file38261/issue23138_34.patch

___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue23138
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue23138] cookiejar parses cookie value as int with empty name-value pair and Expires

2015-02-24 Thread Mark Lawrence 

Mark Lawrence added the comment:

@Demian I believe this may be of interest to you.

--
nosy: +BreamoreBoy, demian.brecht
versions:  -Python 3.2, Python 3.3

___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue23138
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue23138] cookiejar parses cookie value as int with empty name-value pair and Expires

2014-12-30 Thread Christopher Foo 

New submission from Christopher Foo:

Something like Set-Cookie: ; Expires=Thu, 01 Jan 1970 00:00:10 GMT causes the 
resulting cookie.value to be parsed as an int.

I expected either str or None as described in the documentation.

Example evil server:

try:
import http.server as http_server
except ImportError:
import BaseHTTPServer as http_server


class MyHandler(http_server.BaseHTTPRequestHandler):
def do_GET(self):
self.send_response(200)
self.send_header('Set-Cookie', '; Expires=Thu, 01 Jan 1970 00:00:10 
GMT')
self.send_header('Set-Cookie', 'good=123.45600')
self.end_headers()


def main():
server = http_server.HTTPServer(('127.0.0.1', 8000), MyHandler)
server.serve_forever()


if __name__ == '__main__':
main()


Example innocent client:

try:
import http.cookiejar as http_cookiejar
except ImportError:
import cookielib as http_cookiejar

try:
import urllib.request as urllib_request
except ImportError:
import urllib2 as urllib_request


def main():
cj = http_cookiejar.CookieJar()
opener = 
urllib_request.build_opener(urllib_request.HTTPCookieProcessor(cj))
r = opener.open(http://127.0.0.1:8000/;)

print(cj._cookies)

if __name__ == '__main__':
main()


The resulting output is:

{'127.0.0.1': {'/': {'expires': Cookie(version=0, name='expires', value=10.0, 
port=None, port_specified=False, domain='127.0.0.1', domain_specified=False, 
domain_initial_dot=False, path='/', path_specified=False, secure=False, 
expires=None, discard=True, comment=None, comment_url=None, rest={}, 
rfc2109=False), 'good': Cookie(version=0, name='good', value='123.45600', 
port=None, port_specified=False, domain='127.0.0.1', domain_specified=False, 
domain_initial_dot=False, path='/', path_specified=False, secure=False, 
expires=None, discard=True, comment=None, comment_url=None, rest={}, 
rfc2109=False)}}}

It gives two cookies where the first one contains name='expires', value=10.0 
which is unexpected. I expected that either the bad cookie is discarded or it 
is accepted but the value is always a str (even if it is garbage) or None.

This bug was found in my custom cookie policy where I do len(cookie.value or 
''). There is also a reference on StackOverflow but I believe no Python library 
bug report was filed: http://stackoverflow.com/q/20325571/1524507 . 

This was tested on Python 2.7.8, 3.2.6, 3.3.6, and 3.4.2.

--
components: Library (Lib)
messages: 233227
nosy: chfoo
priority: normal
severity: normal
status: open
title: cookiejar parses cookie value as int with empty name-value pair and 
Expires
type: behavior
versions: Python 2.7, Python 3.2, Python 3.3, Python 3.4, Python 3.5

___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue23138
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com