Chromium Code Reviews Chromium Code Reviews
Issue 2861063003:
Remove dangerous CanonicalCookie::Create method. (Closed)
| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 // Portions of this code based on Mozilla: | 5 // Portions of this code based on Mozilla: |
| 6 // (netwerk/cookie/src/nsCookieService.cpp) | 6 // (netwerk/cookie/src/nsCookieService.cpp) |
| 7 /* ***** BEGIN LICENSE BLOCK ***** | 7 /* ***** BEGIN LICENSE BLOCK ***** |
| 8 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 | 8 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 |
| 9 * | 9 * |
| 10 * The contents of this file are subject to the Mozilla Public License Version | 10 * The contents of this file are subject to the Mozilla Public License Version |
| (...skipping 1040 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 1051 // TODO(mmenke): This class assumes each cookie to have a unique creation | 1051 // TODO(mmenke): This class assumes each cookie to have a unique creation |
| 1052 // time. Allowing the caller to set the creation time violates that | 1052 // time. Allowing the caller to set the creation time violates that |
| 1053 // assumption. Worth fixing? Worth noting that time changes between browser | 1053 // assumption. Worth fixing? Worth noting that time changes between browser |
| 1054 // restarts can cause the same issue. | 1054 // restarts can cause the same issue. |
| 1055 base::Time actual_creation_time = creation_time; | 1055 base::Time actual_creation_time = creation_time; |
| 1056 if (creation_time.is_null()) { | 1056 if (creation_time.is_null()) { |
| 1057 actual_creation_time = CurrentTime(); | 1057 actual_creation_time = CurrentTime(); |
| 1058 last_time_seen_ = actual_creation_time; | 1058 last_time_seen_ = actual_creation_time; |
| 1059 } | 1059 } |
| 1060 | 1060 |
| 1061 // Validate consistency of passed arguments. | |
| 1062 if (ParsedCookie::ParseTokenString(name) != name) | |
| 1063 return false; | |
| 1064 if (ParsedCookie::ParseValueString(value) != value) | |
| 1065 return false; | |
| 1066 if (ParsedCookie::ParseValueString(domain) != domain) | |
| 1067 return false; | |
| 1068 if (ParsedCookie::ParseValueString(path) != path) | |
| 1069 return false; | |
|
mmenke
2017/05/09 16:51:09
optional: Maybe just merge these into one if?
Randy Smith (Not in Mondays)
2017/05/09 23:52:35
Done.
| |
| 1070 | |
| 1071 // Validate passed arguments against URL. | |
| 1072 if (secure && !url.SchemeIsCryptographic()) | |
| 1073 return false; | |
| 1074 | |
| 1075 std::string cookie_domain; | |
| 1076 if (!cookie_util::GetCookieDomainWithString(url, domain, &cookie_domain)) | |
| 1077 return false; | |
| 1078 | |
| 1079 std::string cookie_path = CanonicalCookie::CanonPathWithString(url, path); | |
| 1080 if (!path.empty() && cookie_path != path) | |
| 1081 return false; | |
| 1082 | |
| 1083 // Canonicalize path again to make sure it escapes characters as needed. | |
| 1084 url::Component path_component(0, cookie_path.length()); | |
| 1085 url::RawCanonOutputT<char> canon_path; | |
| 1086 url::Component canon_path_component; | |
| 1087 url::CanonicalizePath(cookie_path.data(), path_component, &canon_path, | |
| 1088 &canon_path_component); | |
| 1089 cookie_path = std::string(canon_path.data() + canon_path_component.begin, | |
| 1090 canon_path_component.len); | |
| 1091 | |
| 1061 std::unique_ptr<CanonicalCookie> cc(CanonicalCookie::Create( | 1092 std::unique_ptr<CanonicalCookie> cc(CanonicalCookie::Create( |
| 1062 url, name, value, domain, path, actual_creation_time, expiration_time, | 1093 name, value, cookie_domain, cookie_path, actual_creation_time, |
| 1063 secure, http_only, same_site, priority)); | 1094 expiration_time, last_access_time, secure, http_only, same_site, |
| 1095 priority)); | |
| 1064 | 1096 |
| 1065 if (!cc.get()) | 1097 if (!cc.get()) |
| 1066 return false; | 1098 return false; |
| 1067 | 1099 |
| 1068 if (!last_access_time.is_null()) | |
| 1069 cc->SetLastAccessDate(last_access_time); | |
| 1070 | |
| 1071 CookieOptions options; | 1100 CookieOptions options; |
| 1072 options.set_include_httponly(); | 1101 options.set_include_httponly(); |
| 1073 options.set_same_site_cookie_mode( | 1102 options.set_same_site_cookie_mode( |
| 1074 CookieOptions::SameSiteCookieMode::INCLUDE_STRICT_AND_LAX); | 1103 CookieOptions::SameSiteCookieMode::INCLUDE_STRICT_AND_LAX); |
| 1075 return SetCanonicalCookie(std::move(cc), url, options); | 1104 return SetCanonicalCookie(std::move(cc), url, options); |
| 1076 } | 1105 } |
| 1077 | 1106 |
| 1078 CookieList CookieMonster::GetAllCookies() { | 1107 CookieList CookieMonster::GetAllCookies() { |
| 1079 DCHECK(thread_checker_.CalledOnValidThread()); | 1108 DCHECK(thread_checker_.CalledOnValidThread()); |
| 1080 | 1109 |
| (...skipping 1287 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 2368 it != hook_map_.end(); ++it) { | 2397 it != hook_map_.end(); ++it) { |
| 2369 std::pair<GURL, std::string> key = it->first; | 2398 std::pair<GURL, std::string> key = it->first; |
| 2370 if (cookie.IncludeForRequestURL(key.first, opts) && | 2399 if (cookie.IncludeForRequestURL(key.first, opts) && |
| 2371 cookie.Name() == key.second) { | 2400 cookie.Name() == key.second) { |
| 2372 it->second->Notify(cookie, cause); | 2401 it->second->Notify(cookie, cause); |
| 2373 } | 2402 } |
| 2374 } | 2403 } |
| 2375 } | 2404 } |
| 2376 | 2405 |
| 2377 } // namespace net | 2406 } // namespace net |
| OLD | NEW |
