Remove dangerous CanonicalCookie::Create method.

net/cookies/cookie_monster_unittest.cc

Index: net/cookies/cookie_monster_unittest.cc
diff --git a/net/cookies/cookie_monster_unittest.cc b/net/cookies/cookie_monster_unittest.cc
index 706c75f62021bd62fb4642477f0e9a4aed4b1284..cf80898d34e0dd12fb2d4fcbd0bec49899bc98ce 100644
--- a/net/cookies/cookie_monster_unittest.cc
+++ b/net/cookies/cookie_monster_unittest.cc
@@ -1040,13 +1040,13 @@ TEST_F(DeferredCookieTaskTest, DeferredSetAllCookies) {
   MockSetCookiesCallback set_cookies_callback;
   CookieList list;
   list.push_back(*CanonicalCookie::Create(
-      http_www_google_.url(), "A", "B", http_www_google_.domain(), "/",
-      base::Time::Now(), base::Time(), false, true,
-      CookieSameSite::DEFAULT_MODE, COOKIE_PRIORITY_DEFAULT));
+      "A", "B", "." + http_www_google_.domain(), "/", base::Time::Now(),
+      base::Time(), base::Time(), false, true, CookieSameSite::DEFAULT_MODE,
+      COOKIE_PRIORITY_DEFAULT));
   list.push_back(*CanonicalCookie::Create(
-      http_www_google_.url(), "C", "D", http_www_google_.domain(), "/",
-      base::Time::Now(), base::Time(), false, true,
-      CookieSameSite::DEFAULT_MODE, COOKIE_PRIORITY_DEFAULT));
+      "C", "D", "." + http_www_google_.domain(), "/", base::Time::Now(),
+      base::Time(), base::Time(), false, true, CookieSameSite::DEFAULT_MODE,
+      COOKIE_PRIORITY_DEFAULT));
 
   BeginWith(
       SetAllCookiesAction(&cookie_monster(), list, &set_cookies_callback));
@@ -2534,17 +2534,17 @@ TEST_F(CookieMonsterTest, SetAllCookies) {
 
   CookieList list;
   list.push_back(*CanonicalCookie::Create(
-      http_www_google_.url(), "A", "B", http_www_google_.url().host(), "/",
-      base::Time::Now(), base::Time(), false, false,
-      CookieSameSite::DEFAULT_MODE, COOKIE_PRIORITY_DEFAULT));
+      "A", "B", "." + http_www_google_.url().host(), "/", base::Time::Now(),
+      base::Time(), base::Time(), false, false, CookieSameSite::DEFAULT_MODE,
+      COOKIE_PRIORITY_DEFAULT));
   list.push_back(*CanonicalCookie::Create(
-      http_www_google_.url(), "W", "X", http_www_google_.url().host(), "/bar",
-      base::Time::Now(), base::Time(), false, false,
-      CookieSameSite::DEFAULT_MODE, COOKIE_PRIORITY_DEFAULT));
+      "W", "X", "." + http_www_google_.url().host(), "/bar", base::Time::Now(),
+      base::Time(), base::Time(), false, false, CookieSameSite::DEFAULT_MODE,
+      COOKIE_PRIORITY_DEFAULT));
   list.push_back(*CanonicalCookie::Create(
-      http_www_google_.url(), "Y", "Z", http_www_google_.url().host(), "/",
-      base::Time::Now(), base::Time(), false, false,
-      CookieSameSite::DEFAULT_MODE, COOKIE_PRIORITY_DEFAULT));
+      "Y", "Z", "." + http_www_google_.url().host(), "/", base::Time::Now(),
+      base::Time(), base::Time(), false, false, CookieSameSite::DEFAULT_MODE,
+      COOKIE_PRIORITY_DEFAULT));
 
   // SetAllCookies must not flush.
   ASSERT_EQ(0, store->flush_count());
@@ -2577,53 +2577,53 @@ TEST_F(CookieMonsterTest, ComputeCookieDiff) {
   base::Time creation_time = now - base::TimeDelta::FromSeconds(1);
 
   std::unique_ptr<CanonicalCookie> cookie1(CanonicalCookie::Create(
-      http_www_google_.url(), "A", "B", http_www_google_.url().host(), "/",
-      creation_time, base::Time(), false, false, CookieSameSite::DEFAULT_MODE,
+      "A", "B", "." + http_www_google_.url().host(), "/", creation_time,
+      base::Time(), base::Time(), false, false, CookieSameSite::DEFAULT_MODE,
       COOKIE_PRIORITY_DEFAULT));
   std::unique_ptr<CanonicalCookie> cookie2(CanonicalCookie::Create(
-      http_www_google_.url(), "C", "D", http_www_google_.url().host(), "/",
-      creation_time, base::Time(), false, false, CookieSameSite::DEFAULT_MODE,
+      "C", "D", "." + http_www_google_.url().host(), "/", creation_time,
+      base::Time(), base::Time(), false, false, CookieSameSite::DEFAULT_MODE,
       COOKIE_PRIORITY_DEFAULT));
   std::unique_ptr<CanonicalCookie> cookie3(CanonicalCookie::Create(
-      http_www_google_.url(), "E", "F", http_www_google_.url().host(), "/",
-      creation_time, base::Time(), false, false, CookieSameSite::DEFAULT_MODE,
+      "E", "F", "." + http_www_google_.url().host(), "/", creation_time,
+      base::Time(), base::Time(), false, false, CookieSameSite::DEFAULT_MODE,
       COOKIE_PRIORITY_DEFAULT));
   std::unique_ptr<CanonicalCookie> cookie4(CanonicalCookie::Create(
-      http_www_google_.url(), "G", "H", http_www_google_.url().host(), "/",
-      creation_time, base::Time(), false, false, CookieSameSite::DEFAULT_MODE,
+      "G", "H", "." + http_www_google_.url().host(), "/", creation_time,
+      base::Time(), base::Time(), false, false, CookieSameSite::DEFAULT_MODE,
       COOKIE_PRIORITY_DEFAULT));
   std::unique_ptr<CanonicalCookie> cookie4_with_new_value(
       CanonicalCookie::Create(
-          http_www_google_.url(), "G", "iamnew", http_www_google_.url().host(),
-          "/", creation_time, base::Time(), false, false,
+          "G", "iamnew", "." + http_www_google_.url().host(), "/",
+          creation_time, base::Time(), base::Time(), false, false,
           CookieSameSite::DEFAULT_MODE, COOKIE_PRIORITY_DEFAULT));
   std::unique_ptr<CanonicalCookie> cookie5(CanonicalCookie::Create(
-      http_www_google_.url(), "I", "J", http_www_google_.url().host(), "/",
-      creation_time, base::Time(), false, false, CookieSameSite::DEFAULT_MODE,
+      "I", "J", "." + http_www_google_.url().host(), "/", creation_time,
+      base::Time(), base::Time(), false, false, CookieSameSite::DEFAULT_MODE,
       COOKIE_PRIORITY_DEFAULT));
   std::unique_ptr<CanonicalCookie> cookie5_with_new_creation_time(
-      CanonicalCookie::Create(
-          http_www_google_.url(), "I", "J", http_www_google_.url().host(), "/",
-          now, base::Time(), false, false, CookieSameSite::DEFAULT_MODE,
-          COOKIE_PRIORITY_DEFAULT));
+      CanonicalCookie::Create("I", "J", "." + http_www_google_.url().host(),
+                              "/", now, base::Time(), base::Time(), false,
+                              false, CookieSameSite::DEFAULT_MODE,
+                              COOKIE_PRIORITY_DEFAULT));
   std::unique_ptr<CanonicalCookie> cookie6(CanonicalCookie::Create(
-      http_www_google_.url(), "K", "L", http_www_google_.url().host(), "/foo",
-      creation_time, base::Time(), false, false, CookieSameSite::DEFAULT_MODE,
+      "K", "L", "." + http_www_google_.url().host(), "/foo", creation_time,
+      base::Time(), base::Time(), false, false, CookieSameSite::DEFAULT_MODE,
       COOKIE_PRIORITY_DEFAULT));
   std::unique_ptr<CanonicalCookie> cookie6_with_new_path(
-      CanonicalCookie::Create(
-          http_www_google_.url(), "K", "L", http_www_google_.url().host(),
-          "/bar", creation_time, base::Time(), false, false,
-          CookieSameSite::DEFAULT_MODE, COOKIE_PRIORITY_DEFAULT));
+      CanonicalCookie::Create("K", "L", "." + http_www_google_.url().host(),
+                              "/bar", creation_time, base::Time(), base::Time(),
+                              false, false, CookieSameSite::DEFAULT_MODE,
+                              COOKIE_PRIORITY_DEFAULT));
   std::unique_ptr<CanonicalCookie> cookie7(CanonicalCookie::Create(
-      http_www_google_.url(), "M", "N", http_www_google_.url().host(), "/foo",
-      creation_time, base::Time(), false, false, CookieSameSite::DEFAULT_MODE,
+      "M", "N", "." + http_www_google_.url().host(), "/foo", creation_time,
+      base::Time(), base::Time(), false, false, CookieSameSite::DEFAULT_MODE,
       COOKIE_PRIORITY_DEFAULT));
   std::unique_ptr<CanonicalCookie> cookie7_with_new_path(
-      CanonicalCookie::Create(
-          http_www_google_.url(), "M", "N", http_www_google_.url().host(),
-          "/bar", creation_time, base::Time(), false, false,
-          CookieSameSite::DEFAULT_MODE, COOKIE_PRIORITY_DEFAULT));
+      CanonicalCookie::Create("M", "N", "." + http_www_google_.url().host(),
+                              "/bar", creation_time, base::Time(), base::Time(),
+                              false, false, CookieSameSite::DEFAULT_MODE,
+                              COOKIE_PRIORITY_DEFAULT));
 
   CookieList old_cookies;
   old_cookies.push_back(*cookie1);
@@ -2836,11 +2836,11 @@ TEST_F(CookieMonsterTest, ControlCharacterPurge) {
   // We have to manually build this cookie because it contains a control
   // character, and our cookie line parser rejects control characters.
   std::unique_ptr<CanonicalCookie> cc = CanonicalCookie::Create(
-      url, "baz",
+      "baz",
       "\x05"
       "boo",
-      domain, path, now2, later, false, false, CookieSameSite::DEFAULT_MODE,
-      COOKIE_PRIORITY_DEFAULT);
+      "." + domain, path, now2, later, base::Time(), false, false,
+      CookieSameSite::DEFAULT_MODE, COOKIE_PRIORITY_DEFAULT);
   initial_cookies.push_back(std::move(cc));
 
   AddCookieToList(url, "hello=world; path=" + path, now3, &initial_cookies);
@@ -3221,6 +3221,31 @@ TEST_F(CookieMonsterTest, EquivalentCookies) {
   EXPECT_FALSE(SetCookie(cm.get(), http_url, "A=D; domain=google.com"));
 }
 
+TEST_F(CookieMonsterTest, SetCookieWithDetailsSecureEnforcement) {

[mmenke, 2017/05/10 15:51:54]

Should this be in the shared test (cookie_store_unittest.h), so it's run on iOS,
too, since the same logic was added there?

[Randy Smith (Not in Mondays), 2017/05/10 20:31:51]

Done.

+  std::unique_ptr<CookieMonster> cm(new CookieMonster(nullptr, nullptr));
+  GURL http_url("http://www.google.com");
+  GURL https_url("https://www.google.com");
+
+  // Confirm that setting the secure attribute on an HTTP URL fails, but
+  // the other combinations work.
+  EXPECT_TRUE(SetCookieWithDetails(
+      cm.get(), http_url, "A", "B", "www.google.com", "/", base::Time::Now(),
+      base::Time(), base::Time(), false, false, CookieSameSite::NO_RESTRICTION,
+      COOKIE_PRIORITY_DEFAULT));
+  EXPECT_FALSE(SetCookieWithDetails(
+      cm.get(), http_url, "A", "B", "www.google.com", "/", base::Time::Now(),
+      base::Time(), base::Time(), true, false, CookieSameSite::NO_RESTRICTION,
+      COOKIE_PRIORITY_DEFAULT));
+  EXPECT_TRUE(SetCookieWithDetails(
+      cm.get(), https_url, "A", "B", "www.google.com", "/", base::Time::Now(),
+      base::Time(), base::Time(), false, false, CookieSameSite::NO_RESTRICTION,
+      COOKIE_PRIORITY_DEFAULT));
+  EXPECT_TRUE(SetCookieWithDetails(
+      cm.get(), https_url, "A", "B", "www.google.com", "/", base::Time::Now(),
+      base::Time(), base::Time(), true, false, CookieSameSite::NO_RESTRICTION,
+      COOKIE_PRIORITY_DEFAULT));
+}
+
 class CookieMonsterNotificationTest : public CookieMonsterTest {
  public:
   CookieMonsterNotificationTest()