net/cookies/cookie_monster.cc - Issue 2861063003: Remove dangerous CanonicalCookie::Create method.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: net/cookies/cookie_monster.cc

Issue 2861063003: Remove dangerous CanonicalCookie::Create method. (Closed)

Patch Set: Fixed bugs from DCHECKing name & path. Created 3 years, 7 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

« net/cookies/canonical_cookie_unittest.cc ('K') | « net/cookies/canonical_cookie_unittest.cc ('k') | net/cookies/cookie_monster_store_test.cc » ('j') | net/cookies/cookie_monster_store_test.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: net/cookies/cookie_monster.cc

diff --git a/net/cookies/cookie_monster.cc b/net/cookies/cookie_monster.cc

index 2272d7b08ab49ca58e9ce4024cd2ebb369efdc07..29dc97f02fd7f4e1ed7f0b8912f1940e74953409 100644

--- a/net/cookies/cookie_monster.cc

+++ b/net/cookies/cookie_monster.cc

@@ -1058,16 +1058,45 @@ bool CookieMonster::SetCookieWithDetails(const GURL& url,

last_time_seen_ = actual_creation_time;

}

+ // Validate consistency of passed arguments.

+ if (ParsedCookie::ParseTokenString(name) != name)

+ return false;

+ if (ParsedCookie::ParseValueString(value) != value)

+ return false;

+ if (ParsedCookie::ParseValueString(domain) != domain)

+ return false;

+ if (ParsedCookie::ParseValueString(path) != path)

+ return false;

mmenke 2017/05/09 16:51:09 optional: Maybe just merge these into one if?

Randy Smith (Not in Mondays) 2017/05/09 23:52:35 Done.

+ // Validate passed arguments against URL.

+ if (secure && !url.SchemeIsCryptographic())

+ return false;

+ std::string cookie_domain;

+ if (!cookie_util::GetCookieDomainWithString(url, domain, &cookie_domain))

+ return false;

+ std::string cookie_path = CanonicalCookie::CanonPathWithString(url, path);

+ if (!path.empty() && cookie_path != path)

+ return false;

+ // Canonicalize path again to make sure it escapes characters as needed.

+ url::Component path_component(0, cookie_path.length());

+ url::RawCanonOutputT<char> canon_path;

+ url::Component canon_path_component;

+ url::CanonicalizePath(cookie_path.data(), path_component, &canon_path,

+ &canon_path_component);

+ cookie_path = std::string(canon_path.data() + canon_path_component.begin,

+ canon_path_component.len);

std::unique_ptr<CanonicalCookie> cc(CanonicalCookie::Create(

- url, name, value, domain, path, actual_creation_time, expiration_time,

- secure, http_only, same_site, priority));

+ name, value, cookie_domain, cookie_path, actual_creation_time,

+ expiration_time, last_access_time, secure, http_only, same_site,

+ priority));

if (!cc.get())

return false;

- if (!last_access_time.is_null())

- cc->SetLastAccessDate(last_access_time);

CookieOptions options;

options.set_include_httponly();

options.set_same_site_cookie_mode(