Remove dangerous CanonicalCookie::Create method.

net/cookies/canonical_cookie.h

Index: net/cookies/canonical_cookie.h
diff --git a/net/cookies/canonical_cookie.h b/net/cookies/canonical_cookie.h
index 18d9302e66b9ba37becfa25897640d8c09372e73..4b659a21cf91fc19b91478492222b195d7aeb289 100644
--- a/net/cookies/canonical_cookie.h
+++ b/net/cookies/canonical_cookie.h
@@ -40,22 +40,8 @@ class NET_EXPORT CanonicalCookie {
       const CookieOptions& options);
 
   // Creates a canonical cookie from unparsed attribute values.
-  // Canonicalizes and validates inputs.  May return NULL if an attribute
-  // value is invalid.
-  static std::unique_ptr<CanonicalCookie> Create(const GURL& url,
-                                                 const std::string& name,
-                                                 const std::string& value,
-                                                 const std::string& domain,
-                                                 const std::string& path,
-                                                 const base::Time& creation,
-                                                 const base::Time& expiration,
-                                                 bool secure,
-                                                 bool http_only,
-                                                 CookieSameSite same_site,
-                                                 CookiePriority priority);
-
-  // Creates a canonical cookie from unparsed attribute values.
-  // It does not do any validation.
+  // It does not do any canonicalization.
+  // |name| and |path| may not be empty.

[mmenke, 2017/05/09 16:51:09]

I think this is a MUST and not a MAY.  :)

[Randy Smith (Not in Mondays), 2017/05/09 23:52:35]

Done :-}.

   static std::unique_ptr<CanonicalCookie> Create(const std::string& name,
                                                  const std::string& value,
                                                  const std::string& domain,
@@ -137,7 +123,8 @@ class NET_EXPORT CanonicalCookie {
 
   std::string DebugString() const;
 
-  static std::string CanonPath(const GURL& url, const ParsedCookie& pc);
+  static std::string CanonPathWithString(const GURL& url,
+                                         const std::string& path_string);

[mmenke, 2017/05/09 16:51:09]

Does this need to be public (Or even outside a private namespace in the cc
file?)  I'm not seeing anything that uses it.

[Randy Smith (Not in Mondays), 2017/05/09 23:52:35]

It's used in cookie_monster.cc.  We could look into ways to make it only visible
there and to CC, but I think something like this is going to be needed as per my
recent email to you and mkwst@, so my inclination is not to put a lot of energy
into it.

 
   // Returns a "null" time if expiration was unspecified or invalid.
   static base::Time CanonExpiration(const ParsedCookie& pc,