-
Notifications
You must be signed in to change notification settings - Fork 31
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
PDP-1526 Remove parts of the cookies that are not valid according to …
…RFC 6265
- Loading branch information
Showing
4 changed files
with
65 additions
and
2 deletions.
There are no files selected for viewing
28 changes: 28 additions & 0 deletions
28
core/src/main/scala/com.snowplowanalytics.snowplow.collector.core/Rfc6265Cookie.scala
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,28 @@ | ||
/** | ||
* Copyright (c) 2013-present Snowplow Analytics Ltd. | ||
* All rights reserved. | ||
* | ||
* This software is made available by Snowplow Analytics, Ltd., | ||
* under the terms of the Snowplow Limited Use License Agreement, Version 1.0 | ||
* located at https://docs.snowplow.io/limited-use-license-1.0 | ||
* BY INSTALLING, DOWNLOADING, ACCESSING, USING OR DISTRIBUTING ANY PORTION | ||
* OF THE SOFTWARE, YOU AGREE TO THE TERMS OF SUCH LICENSE AGREEMENT. | ||
*/ | ||
package com.snowplowanalytics.snowplow.collector.core | ||
|
||
object Rfc6265Cookie { | ||
|
||
// See https://www.ietf.org/rfc/rfc6265.txt | ||
private val allowedChars = Set(0x21.toChar) ++ | ||
Set(0x23.toChar to 0x2b.toChar: _*) ++ | ||
Set(0x2d.toChar to 0x3a.toChar: _*) ++ | ||
Set(0x3c.toChar to 0x5b.toChar: _*) ++ | ||
Set(0x5d.toChar to 0x7e.toChar: _*) | ||
|
||
// Remove all the sub-parts (between two ';') that contain unauthorized characters | ||
def parse(rawCookie: String): Option[String] = | ||
rawCookie.replaceAll(" ", "").split(";").filter(_.forall(allowedChars.contains)).mkString(";") match { | ||
case s if s.nonEmpty => Some(s) | ||
case _ => None | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
35 changes: 35 additions & 0 deletions
35
core/src/test/scala/com.snowplowanalytics.snowplow.collector.core/Rfc6265CookieSpec.scala
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,35 @@ | ||
package com.snowplowanalytics.snowplow.collector.core | ||
|
||
import org.specs2.mutable.Specification | ||
|
||
class Rfc6265CookieSpec extends Specification { | ||
val valid1 = "name=value" | ||
val valid2 = "name1=value2" | ||
val bothValid = s"$valid1;$valid2" | ||
val invalid = "{\"key\": \"value\"}" | ||
|
||
"Rfc6265Cookie.parse" should { | ||
"leave a valid cookie as is" in { | ||
Rfc6265Cookie.parse(valid1) must beSome(valid1) | ||
Rfc6265Cookie.parse(bothValid) must beSome(bothValid) | ||
} | ||
|
||
"remove whitspaces" in { | ||
Rfc6265Cookie.parse(s" $valid1 ") must beSome(valid1) | ||
Rfc6265Cookie.parse("name = value") must beSome(valid1) | ||
} | ||
|
||
"remove invalid parts" in { | ||
Rfc6265Cookie.parse(s"$invalid;$valid1;$valid2") must beSome(bothValid) | ||
Rfc6265Cookie.parse(s"$valid1;$invalid;$valid2") must beSome(bothValid) | ||
Rfc6265Cookie.parse(s"$valid1;$valid2;$invalid") must beSome(bothValid) | ||
} | ||
|
||
"return None if no valid part is left" in { | ||
Rfc6265Cookie.parse(invalid) must beNone | ||
Rfc6265Cookie.parse(s";$invalid;") must beNone | ||
Rfc6265Cookie.parse(";") must beNone | ||
Rfc6265Cookie.parse(";;") must beNone | ||
} | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters