Remove dangerous CanonicalCookie::Create method.

net/cookies/canonical_cookie.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 // Portions of this code based on Mozilla:
 //   (netwerk/cookie/src/nsCookieService.cpp)
 /* ***** BEGIN LICENSE BLOCK *****
  * Version: MPL 1.1/GPL 2.0/LGPL 2.1
  *
  * The contents of this file are subject to the Mozilla Public License Version
@@ skipping 56 matching lines @@
 // Determine the cookie domain to use for setting the specified cookie.
 bool GetCookieDomain(const GURL& url,
                      const ParsedCookie& pc,
                      std::string* result) {
   std::string domain_string;
   if (pc.HasDomain())
     domain_string = pc.Domain();
   return cookie_util::GetCookieDomainWithString(url, domain_string, result);
 }
 
-std::string CanonPathWithString(const GURL& url,
-                                const std::string& path_string) {
-  // The RFC says the path should be a prefix of the current URL path.
-  // However, Mozilla allows you to set any path for compatibility with
-  // broken websites.  We unfortunately will mimic this behavior.  We try
-  // to be generous and accept cookies with an invalid path attribute, and
-  // default the path to something reasonable.
-
-  // The path was supplied in the cookie, we'll take it.
-  if (!path_string.empty() && path_string[0] == '/')
-    return path_string;
-
-  // The path was not supplied in the cookie or invalid, we will default
-  // to the current URL path.
-  // """Defaults to the path of the request URL that generated the
-  //    Set-Cookie response, up to, but not including, the
-  //    right-most /."""
-  // How would this work for a cookie on /?  We will include it then.
-  const std::string& url_path = url.path();
-
-  size_t idx = url_path.find_last_of('/');
-
-  // The cookie path was invalid or a single '/'.
-  if (idx == 0 || idx == std::string::npos)
-    return std::string("/");
-
-  // Return up to the rightmost '/'.
-  return url_path.substr(0, idx);
-}
-
 // Compares cookies using name, domain and path, so that "equivalent" cookies
 // (per RFC 2965) are equal to each other.
 int PartialCookieOrdering(const CanonicalCookie& a, const CanonicalCookie& b) {
   int diff = a.Name().compare(b.Name());
   if (diff != 0)
     return diff;
 
   diff = a.Domain().compare(b.Domain());
   if (diff != 0)
     return diff;
 
   return a.Path().compare(b.Path());
 }
 
 }  // namespace
 
 CanonicalCookie::CanonicalCookie()
     : secure_(false),
       httponly_(false) {
 }
 
 CanonicalCookie::CanonicalCookie(const CanonicalCookie& other) = default;
 
 CanonicalCookie::~CanonicalCookie() {}
 
 // static
-std::string CanonicalCookie::CanonPath(const GURL& url,
-                                       const ParsedCookie& pc) {
-  std::string path_string;
-  if (pc.HasPath())
-    path_string = pc.Path();
-  return CanonPathWithString(url, path_string);
+std::string CanonicalCookie::CanonPathWithString(
+    const GURL& url,
+    const std::string& path_string) {
+  // The RFC says the path should be a prefix of the current URL path.
+  // However, Mozilla allows you to set any path for compatibility with
+  // broken websites.  We unfortunately will mimic this behavior.  We try
+  // to be generous and accept cookies with an invalid path attribute, and
+  // default the path to something reasonable.
+
+  // The path was supplied in the cookie, we'll take it.
+  if (!path_string.empty() && path_string[0] == '/')
+    return path_string;
+
+  // The path was not supplied in the cookie or invalid, we will default
+  // to the current URL path.
+  // """Defaults to the path of the request URL that generated the
+  //    Set-Cookie response, up to, but not including, the
+  //    right-most /."""
+  // How would this work for a cookie on /?  We will include it then.
+  const std::string& url_path = url.path();
+
+  size_t idx = url_path.find_last_of('/');
+
+  // The cookie path was invalid or a single '/'.
+  if (idx == 0 || idx == std::string::npos)
+    return std::string("/");
+
+  // Return up to the rightmost '/'.
+  return url_path.substr(0, idx);
 }
 
 // static
 Time CanonicalCookie::CanonExpiration(const ParsedCookie& pc,
                                       const Time& current,
                                       const Time& server_time) {
   // First, try the Max-Age attribute.
   uint64_t max_age = 0;
   if (pc.HasMaxAge() &&
 #ifdef COMPILER_MSVC
@@ skipping 45 matching lines @@
   // Per 3.2.1 of "Deprecate modification of 'secure' cookies from non-secure
   // origins", if the cookie's "secure-only-flag" is "true" and the requesting
   // URL does not have a secure scheme, the cookie should be thrown away.
   // https://tools.ietf.org/html/draft-ietf-httpbis-cookie-alone
   if (parsed_cookie.IsSecure() && !url.SchemeIsCryptographic()) {
     VLOG(kVlogSetCookies)
         << "Create() is trying to create a secure cookie from an insecure URL";
     return nullptr;
   }
 
-  std::string cookie_path = CanonicalCookie::CanonPath(url, parsed_cookie);
+  std::string cookie_path = CanonPathWithString(
+      url, parsed_cookie.HasPath() ? parsed_cookie.Path() : std::string());
+
   Time server_time(creation_time);
   if (options.has_server_time())
     server_time = options.server_time();
 
   Time cookie_expires = CanonicalCookie::CanonExpiration(parsed_cookie,
                                                          creation_time,
                                                          server_time);
 
   CookiePrefix prefix = CanonicalCookie::GetCookiePrefix(parsed_cookie.Name());
   bool is_cookie_valid =
       CanonicalCookie::IsCookiePrefixValid(prefix, url, parsed_cookie);
   CanonicalCookie::RecordCookiePrefixMetrics(prefix, is_cookie_valid);
   if (!is_cookie_valid) {
     VLOG(kVlogSetCookies)
         << "Create() failed because the cookie violated prefix rules.";
     return nullptr;
   }
 
   return base::WrapUnique(new CanonicalCookie(
       parsed_cookie.Name(), parsed_cookie.Value(), cookie_domain, cookie_path,
       creation_time, cookie_expires, creation_time, parsed_cookie.IsSecure(),
       parsed_cookie.IsHttpOnly(), parsed_cookie.SameSite(),
       parsed_cookie.Priority()));
 }
 
 // static
 std::unique_ptr<CanonicalCookie> CanonicalCookie::Create(
-    const GURL& url,
-    const std::string& name,
-    const std::string& value,
-    const std::string& domain,
-    const std::string& path,
-    const base::Time& creation,
-    const base::Time& expiration,
-    bool secure,
-    bool http_only,
-    CookieSameSite same_site,
-    CookiePriority priority) {
-  // Expect valid attribute tokens and values, as defined by the ParsedCookie
-  // logic, otherwise don't create the cookie.
-  std::string parsed_name = ParsedCookie::ParseTokenString(name);
-  if (parsed_name != name)
-    return nullptr;
-  std::string parsed_value = ParsedCookie::ParseValueString(value);
-  if (parsed_value != value)
-    return nullptr;
-
-  std::string parsed_domain = ParsedCookie::ParseValueString(domain);
-  if (parsed_domain != domain)
-    return nullptr;
-  std::string cookie_domain;
-  if (!cookie_util::GetCookieDomainWithString(url, parsed_domain,
-                                               &cookie_domain)) {
-    return nullptr;
-  }
-
-  if (secure && !url.SchemeIsCryptographic())
-    return nullptr;
-
-  std::string parsed_path = ParsedCookie::ParseValueString(path);
-  if (parsed_path != path)
-    return nullptr;
-
-  std::string cookie_path = CanonPathWithString(url, parsed_path);
-  // Expect that the path was either not specified (empty), or is valid.
-  if (!parsed_path.empty() && cookie_path != parsed_path)
-    return nullptr;
-  // Canonicalize path again to make sure it escapes characters as needed.
-  url::Component path_component(0, cookie_path.length());
-  url::RawCanonOutputT<char> canon_path;
-  url::Component canon_path_component;
-  url::CanonicalizePath(cookie_path.data(), path_component, &canon_path,
-                        &canon_path_component);
-  cookie_path = std::string(canon_path.data() + canon_path_component.begin,
-                            canon_path_component.len);
-
-  return base::WrapUnique(new CanonicalCookie(
-      parsed_name, parsed_value, cookie_domain, cookie_path, creation,
-      expiration, creation, secure, http_only, same_site, priority));
-}
-
-// static
-std::unique_ptr<CanonicalCookie> CanonicalCookie::Create(
     const std::string& name,
     const std::string& value,
     const std::string& domain,
     const std::string& path,
     const base::Time& creation,
     const base::Time& expiration,
     const base::Time& last_access,
     bool secure,
     bool http_only,
     CookieSameSite same_site,
     CookiePriority priority) {
+  DCHECK(!name.empty());
+  DCHECK(!path.empty());
+
   return base::WrapUnique(
       new CanonicalCookie(name, value, domain, path, creation, expiration,
                           last_access, secure, http_only, same_site, priority));
 }
 
 bool CanonicalCookie::IsEquivalentForSecureCookieMatching(
     const CanonicalCookie& ecc) const {
   return (name_ == ecc.Name() && (ecc.IsDomainMatch(DomainWithoutDot()) ||
                                   IsDomainMatch(ecc.DomainWithoutDot())) &&
           ecc.IsOnPath(Path()));
@@ skipping 212 matching lines @@
   return true;
 }
 
 std::string CanonicalCookie::DomainWithoutDot() const {
   if (domain_.empty() || domain_[0] != '.')
     return domain_;
   return domain_.substr(1);
 }
 
 }  // namespace net