Remove dangerous CanonicalCookie::Create method.

ios/net/cookies/cookie_store_ios.mm

 // Copyright 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "ios/net/cookies/cookie_store_ios.h"
 
 #import <Foundation/Foundation.h>
 #include <stddef.h>
 
 #include "base/bind.h"
@@ skipping 356 matching lines @@
   DCHECK(thread_checker_.CalledOnValidThread());
   // If cookies are not allowed, they are stashed in the CookieMonster, and
   // should be written there instead.
   DCHECK(SystemCookiesAllowed());
 
   bool success = false;
 
   if (creation_time.is_null())
     creation_time = base::Time::Now();
 
+  // Validate consistency of passed arguments.
+  if (ParsedCookie::ParseTokenString(name) != name ||
+      ParsedCookie::ParseValueString(value) != value ||
+      ParsedCookie::ParseValueString(domain) != domain ||
+      ParsedCookie::ParseValueString(path) != path) {
+    if (!callback.is_null())
+      callback.Run(false);
+    return;
+  }
+
+  // Validate passed arguments against URL.
+  std::string cookie_domain;
+  std::string cookie_path = CanonicalCookie::CanonPathWithString(url, path);
+  if ((secure && !url.SchemeIsCryptographic()) ||
+      !cookie_util::GetCookieDomainWithString(url, domain, &cookie_domain) ||
+      (!path.empty() && cookie_path != path)) {
+    if (!callback.is_null())
+      callback.Run(false);
+    return;
+  }
+
+  // Canonicalize path again to make sure it escapes characters as needed.
+  url::Component path_component(0, cookie_path.length());
+  url::RawCanonOutputT<char> canon_path;
+  url::Component canon_path_component;
+  url::CanonicalizePath(cookie_path.data(), path_component, &canon_path,
+                        &canon_path_component);
+  cookie_path = std::string(canon_path.data() + canon_path_component.begin,
+                            canon_path_component.len);
+
   // First create a CanonicalCookie, to normalize the arguments,
   // particularly domain and path, and perform validation.
   std::unique_ptr<net::CanonicalCookie> canonical_cookie =
       net::CanonicalCookie::Create(
-          url, name, value, domain, path, creation_time, expiration_time,
-          secure, http_only, same_site, priority);
+          name, value, cookie_domain, cookie_path, creation_time,
+          // TODO(rdsmith): Check with ios reviewer about whether to use

[Elly Fong-Jones, 2017/05/11 17:24:35]

I would use creation_time, which is what the old ::Create() method would have
done.

It's possible that last_access_time is more correct, but since this method is
backed by the system cookie store which does not have any known notion of a
separate last access time, I doubt that it matters. Even the creation time is
actually spelunked out of the NSHTTPCookie object in a strange way:
https://cs.chromium.org/chromium/src/ios/net/cookies/cookie_creation_time_man...

[Randy Smith (Not in Mondays), 2017/05/12 17:02:02]

Done.

+          // last_access_time here.  Wasn't used in original implementation.
+          expiration_time, base::Time(), secure, http_only, same_site,
+          priority);
 
   if (canonical_cookie) {
     NSHTTPCookie* cookie = SystemCookieFromCanonicalCookie(*canonical_cookie);
 
     if (cookie != nil) {
       [system_store_ setCookie:cookie];
       creation_time_manager_->SetCreationTime(
           cookie, creation_time_manager_->MakeUniqueCreationTime(
               canonical_cookie->CreationDate()));
       success = true;
@@ skipping 423 matching lines @@
   net::CookieList cookie_list;
   cookie_list.reserve([cookies count]);
   for (NSHTTPCookie* cookie in cookies) {
     base::Time created = creation_time_manager_->GetCreationTime(cookie);
     cookie_list.push_back(CanonicalCookieFromSystemCookie(cookie, created));
   }
   return cookie_list;
 }
 
 }  // namespace net