// Copyright 2012 The Chromium Authors // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #include "net/cookies/cookie_util.h" #include <memory> #include <optional> #include <string> #include <tuple> #include <utility> #include <vector> #include "base/containers/contains.h" #include "base/functional/callback.h" #include "base/strings/strcat.h" #include "base/strings/string_split.h" #include "base/test/bind.h" #include "base/test/scoped_feature_list.h" #include "base/time/time.h" #include "net/base/features.h" #include "net/cookies/cookie_constants.h" #include "net/cookies/cookie_options.h" #include "testing/gmock/include/gmock/gmock.h" #include "testing/gtest/include/gtest/gtest.h" #include "url/origin.h" namespace net { namespace { struct RequestCookieParsingTest { … }; void CheckParse(const std::string& str, const base::StringPairs& parsed_expected) { … } void CheckSerialize(const base::StringPairs& parsed, const std::string& str_expected) { … } TEST(CookieUtilTest, TestDomainIsHostOnly) { … } // A cookie domain containing non-ASCII characters is not allowed, even if it // matches the domain from the URL. TEST(CookieUtilTest, GetCookieDomainWithString_NonASCII) { … } // An empty domain string results in the domain from the URL. TEST(CookieUtilTest, GetCookieDomainWithString_Empty) { … } // A cookie domain string equal to the URL host, when that is an IP, results in // the IP. TEST(CookieUtilTest, GetCookieDomainWithString_IP) { … } // A cookie domain string equal to a dot prefixed to the URL host, when that is // an IP, results in the IP, without the dot. TEST(CookieUtilTest, GetCookieDomainWithString_DotIP) { … } // A cookie domain string containing %-encoding is not allowed. TEST(CookieUtilTest, GetCookieDomainWithString_PercentEncoded) { … } // A cookie domain string that cannot be canonicalized is not allowed. TEST(CookieUtilTest, GetCookieDomainWithString_UnCanonicalizable) { … } // A cookie domain that is an eTLD but matches the URL results in a host cookie // domain. TEST(CookieUtilTest, GetCookieDomainWithString_ETldMatchesUrl) { … } // A cookie domain that is an eTLD but matches the URL results in a host cookie // domain, even if it is given with a dot prefix. TEST(CookieUtilTest, GetCookieDomainWithString_ETldMatchesUrl_DotPrefix) { … } // A cookie domain that is an eTLD but matches the URL results in a host cookie // domain, even if its capitalization is non-canonical. TEST(CookieUtilTest, GetCookieDomainWithString_ETldMatchesUrl_NonCanonical) { … } // A cookie domain that is an eTLD but does not match the URL is not allowed. TEST(CookieUtilTest, GetCookieDomainWithString_ETldDifferentUrl) { … } // A cookie domain with a different eTLD+1 ("organization-identifying host") // from the URL is not allowed. TEST(CookieUtilTest, GetCookieDomainWithString_DifferentOrgHost) { … } // A cookie domain that matches the URL results in a domain cookie domain. TEST(CookieUtilTest, GetCookieDomainWithString_MatchesUrl) { … } // A cookie domain that matches the URL but has a `.` prefix results in a domain // cookie domain. TEST(CookieUtilTest, GetCookieDomainWithString_MatchesUrlWithDot) { … } // A cookie domain that is a subdomain of the URL host is not allowed. TEST(CookieUtilTest, GetCookieDomainWithString_Subdomain) { … } // A URL that is a subdomain of the cookie domain results in a domain cookie. TEST(CookieUtilTest, GetCookieDomainWithString_UrlSubdomain) { … } // A URL of which the cookie domain is a substring, but not a dotted suffix, // is not allowed. TEST(CookieUtilTest, GetCookieDomainWithString_SubstringButUrlNotSubdomain) { … } // A URL which has a different subdomain of the eTLD+1 than the cookie domain is // not allowed, regardless of which hostname is longer. TEST(CookieUtilTest, GetCookieDomainWithString_DifferentSubdomain) { … } // A URL without a host can set a "host" cookie with no cookie domain. TEST(CookieUtilTest, GetCookieDomainWithString_NoUrlHost) { … } // A URL with two trailing dots (which is an invalid hostname per // rfc6265bis-11#5.1.2 and will cause GetDomainAndRegistry to return an empty // string) is not allowed. TEST(CookieUtilTest, GetCookieDomainWithString_TrailingDots) { … } // A "normal" URL does not match with a cookie containing two trailing dots (or // just one). TEST(CookieUtilTest, GetCookieDomainWithString_TrailingDots_NotMatchingUrlHost) { … } // A URL containing an IP address is allowed, if that IP matches the cookie // domain. TEST(CookieUtilTest, GetCookieDomainWithString_UrlHostIP) { … } // A cookie domain with a dot-prefixed IP is allowed, if the IP matches // the URL, but is transformed to a host cookie domain. TEST(CookieUtilTest, GetCookieDomainWithString_UrlHostIP_DomainCookie) { … } // A URL containing a TLD that is unknown as a registry is allowed, if it // matches the cookie domain. TEST(CookieUtilTest, GetCookieDomainWithString_UnknownRegistry) { … } TEST(CookieUtilTest, TestCookieDateParsing) { … } // Tests parsing dates that are beyond 2038. 32-bit (non-Mac) POSIX systems are // incapable of doing this, however the expectation is for cookie parsing to // succeed anyway (and return the minimum value Time::FromUTCExploded() can // parse on the current platform). Also checks a date outside the limit on // Windows, which is year 30827. TEST(CookieUtilTest, ParseCookieExpirationTimeBeyond2038) { … } // Tests parsing dates that are prior to (or around) 1970. Non-Mac POSIX systems // are incapable of doing this, however the expectation is for cookie parsing to // succeed anyway (and return a minimal base::Time). TEST(CookieUtilTest, ParseCookieExpirationTimeBefore1970) { … } TEST(CookieUtilTest, TestRequestCookieParsing) { … } TEST(CookieUtilTest, TestRequestCookieParsing_Malformed) { … } TEST(CookieUtilTest, CookieDomainAndPathToURL) { … } TEST(CookieUtilTest, SimulatedCookieSource) { … } TEST(CookieUtilTest, TestGetEffectiveDomain) { … } TEST(CookieUtilTest, TestIsDomainMatch) { … } TEST(CookieUtilTest, TestIsOnPath) { … } TEST(CookieUtilTest, TestIsOnPathCaseSensitive) { … } AllOf; SameSiteCookieContext; ContextType; ContextRedirectTypeBug1221316; HttpMethod; MATCHER_P2(ContextTypeIsWithSchemefulMode, context_type, schemeful, "") { … } // Checks for the expected metadata related to context downgrades from // cross-site redirects. MATCHER_P5(CrossSiteRedirectMetadataCorrectWithSchemefulMode, method, context_type_without_chain, context_type_with_chain, redirect_type_with_chain, schemeful, "") { … } std::string UrlChainToString(const std::vector<GURL>& url_chain) { … } // Tests for the various ComputeSameSiteContextFor*() functions. The first // boolean test param is whether the results of the computations are evaluated // schemefully. The second boolean param is whether SameSite considers redirect // chains. class CookieUtilComputeSameSiteContextTest : public ::testing::TestWithParam<std::tuple<bool, bool>> { … }; TEST_P(CookieUtilComputeSameSiteContextTest, UrlAndSiteForCookiesCrossSite) { … } TEST_P(CookieUtilComputeSameSiteContextTest, SiteForCookiesNotSchemefullySame) { … } TEST_P(CookieUtilComputeSameSiteContextTest, ForScriptGet) { … } TEST_P(CookieUtilComputeSameSiteContextTest, ForScriptGet_SchemefulDowngrade) { … } TEST_P(CookieUtilComputeSameSiteContextTest, ForScriptGet_WebSocketSchemes) { … } // Test cases where the URL chain has 1 member (i.e. no redirects). TEST_P(CookieUtilComputeSameSiteContextTest, ForRequest) { … } TEST_P(CookieUtilComputeSameSiteContextTest, ForRequest_SchemefulDowngrade) { … } TEST_P(CookieUtilComputeSameSiteContextTest, ForRequest_WebSocketSchemes) { … } // Test cases where the URL chain contains multiple members, where the last // member (current request URL) is same-site to kSiteUrl. (Everything is listed // as same-site or cross-site relative to kSiteUrl.) TEST_P(CookieUtilComputeSameSiteContextTest, ForRequest_Redirect) { … } TEST_P(CookieUtilComputeSameSiteContextTest, ForScriptSet) { … } TEST_P(CookieUtilComputeSameSiteContextTest, ForScriptSet_SchemefulDowngrade) { … } TEST_P(CookieUtilComputeSameSiteContextTest, ForScriptSet_WebSocketSchemes) { … } // Test cases where the URL chain has 1 member (i.e. no redirects). TEST_P(CookieUtilComputeSameSiteContextTest, ForResponse) { … } TEST_P(CookieUtilComputeSameSiteContextTest, ForResponse_SchemefulDowngrade) { … } TEST_P(CookieUtilComputeSameSiteContextTest, ForResponse_WebSocketSchemes) { … } // Test cases where the URL chain contains multiple members, where the last // member (current request URL) is same-site to kSiteUrl. (Everything is listed // as same-site or cross-site relative to kSiteUrl.) TEST_P(CookieUtilComputeSameSiteContextTest, ForResponse_Redirect) { … } TEST_P(CookieUtilComputeSameSiteContextTest, ForSubresource) { … } TEST_P(CookieUtilComputeSameSiteContextTest, ForSubresource_SchemefulDowngrade) { … } TEST_P(CookieUtilComputeSameSiteContextTest, ForSubresource_WebSocketSchemes) { … } TEST_P(CookieUtilComputeSameSiteContextTest, ForceIgnoreSiteForCookies) { … } INSTANTIATE_TEST_SUITE_P(…); TEST(CookieUtilTest, IsCookieAccessResultInclude) { … } } // namespace } // namespace net
Codebase Browser
chromium