Issue #23138: Fixed parsing cookies with absent keys or values in cookiejar.

Patch by Demian Brecht.
2025-08-31 14:07:50 +00:00 · 2015-03-13 09:05:01 +02:00 · 2015-03-13 09:05:01 +02:00 · 577fc4e87f
commit 577fc4e87f
parent 79fbeee237
3 changed files with 57 additions and 15 deletions
--- a/Lib/test/test_http_cookiejar.py
+++ b/Lib/test/test_http_cookiejar.py
@ -479,6 +479,9 @@ class CookieTests(unittest.TestCase):
        interact_netscape(c, "http://www.acme.com:80/", 'foo=bar; expires=')
        interact_netscape(c, "http://www.acme.com:80/", 'spam=eggs; '
                          'expires="Foo Bar 25 33:22:11 3022"')
+        interact_netscape(c, 'http://www.acme.com/', 'fortytwo=')
+        interact_netscape(c, 'http://www.acme.com/', '=unladenswallow')
+        interact_netscape(c, 'http://www.acme.com/', 'holyhandgrenade')

        cookie = c._cookies[".acme.com"]["/"]["spam"]
        self.assertEqual(cookie.domain, ".acme.com")
@ -505,6 +508,16 @@ class CookieTests(unittest.TestCase):
        self.assertIsNone(foo.expires)
        self.assertIsNone(spam.expires)

+        cookie = c._cookies['www.acme.com']['/']['fortytwo']
+        self.assertIsNotNone(cookie.value)
+        self.assertEqual(cookie.value, '')
+
+        # there should be a distinction between a present but empty value
+        # (above) and a value that's entirely missing (below)
+
+        cookie = c._cookies['www.acme.com']['/']['holyhandgrenade']
+        self.assertIsNone(cookie.value)
+
    def test_ns_parser_special_names(self):
        # names such as 'expires' are not special in first name=value pair
        # of Set-Cookie: header
@ -1080,6 +1093,13 @@ class CookieTests(unittest.TestCase):
            parse_ns_headers(["foo"]),
            [[("foo", None), ("version", "0")]]
            )
+        # missing cookie values for parsed attributes
+        self.assertEqual(
+            parse_ns_headers(['foo=bar; expires']),
+            [[('foo', 'bar'), ('expires', None), ('version', '0')]])
+        self.assertEqual(
+            parse_ns_headers(['foo=bar; version']),
+            [[('foo', 'bar'), ('version', None)]])
        # shouldn't add version if header is empty
        self.assertEqual(parse_ns_headers([""]), [])

@ -1092,6 +1112,8 @@ class CookieTests(unittest.TestCase):
            c.extract_cookies(r, req)
            return c

+        future = time2netscape(time.time()+3600)
+
        # none of these bad headers should cause an exception to be raised
        for headers in [
            ["Set-Cookie: "],  # actually, nothing wrong with this
@ -1102,6 +1124,7 @@ class CookieTests(unittest.TestCase):
            ["Set-Cookie: b=foo; max-age=oops"],
            # bad version
            ["Set-Cookie: b=foo; version=spam"],
+            ["Set-Cookie:; Expires=%s" % future],
            ]:
            c = cookiejar_from_cookie_headers(headers)
            # these bad cookies shouldn't be set