1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 // Portions of this code based on Mozilla:
6 // (netwerk/cookie/src/nsCookieService.cpp)
7 /* ***** BEGIN LICENSE BLOCK *****
8 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
10 * The contents of this file are subject to the Mozilla Public License Version
11 * 1.1 (the "License"); you may not use this file except in compliance with
12 * the License. You may obtain a copy of the License at
13 * http://www.mozilla.org/MPL/
15 * Software distributed under the License is distributed on an "AS IS" basis,
16 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
17 * for the specific language governing rights and limitations under the
20 * The Original Code is mozilla.org code.
22 * The Initial Developer of the Original Code is
23 * Netscape Communications Corporation.
24 * Portions created by the Initial Developer are Copyright (C) 2003
25 * the Initial Developer. All Rights Reserved.
28 * Daniel Witte (dwitte@stanford.edu)
29 * Michiel van Leeuwen (mvl@exedo.nl)
31 * Alternatively, the contents of this file may be used under the terms of
32 * either the GNU General Public License Version 2 or later (the "GPL"), or
33 * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
34 * in which case the provisions of the GPL or the LGPL are applicable instead
35 * of those above. If you wish to allow use of your version of this file only
36 * under the terms of either the GPL or the LGPL, and not to allow others to
37 * use your version of this file under the terms of the MPL, indicate your
38 * decision by deleting the provisions above and replace them with the notice
39 * and other provisions required by the GPL or the LGPL. If you do not delete
40 * the provisions above, a recipient may use your version of this file under
41 * the terms of any one of the MPL, the GPL or the LGPL.
43 * ***** END LICENSE BLOCK ***** */
45 #include "net/cookies/parsed_cookie.h"
47 #include "base/logging.h"
48 #include "base/strings/string_util.h"
52 const char kPathTokenName
[] = "path";
53 const char kDomainTokenName
[] = "domain";
54 const char kExpiresTokenName
[] = "expires";
55 const char kMaxAgeTokenName
[] = "max-age";
56 const char kSecureTokenName
[] = "secure";
57 const char kHttpOnlyTokenName
[] = "httponly";
58 const char kPriorityTokenName
[] = "priority";
60 const char kTerminator
[] = "\n\r\0";
61 const int kTerminatorLen
= sizeof(kTerminator
) - 1;
62 const char kWhitespace
[] = " \t";
63 const char kValueSeparator
[] = ";";
64 const char kTokenSeparator
[] = ";=";
66 // Returns true if |c| occurs in |chars|
67 // TODO(erikwright): maybe make this take an iterator, could check for end also?
68 inline bool CharIsA(const char c
, const char* chars
) {
69 return strchr(chars
, c
) != NULL
;
71 // Seek the iterator to the first occurrence of a character in |chars|.
72 // Returns true if it hit the end, false otherwise.
73 inline bool SeekTo(std::string::const_iterator
* it
,
74 const std::string::const_iterator
& end
,
76 for (; *it
!= end
&& !CharIsA(**it
, chars
); ++(*it
)) {}
79 // Seek the iterator to the first occurrence of a character not in |chars|.
80 // Returns true if it hit the end, false otherwise.
81 inline bool SeekPast(std::string::const_iterator
* it
,
82 const std::string::const_iterator
& end
,
84 for (; *it
!= end
&& CharIsA(**it
, chars
); ++(*it
)) {}
87 inline bool SeekBackPast(std::string::const_iterator
* it
,
88 const std::string::const_iterator
& end
,
90 for (; *it
!= end
&& CharIsA(**it
, chars
); --(*it
)) {}
94 // Validate whether |value| is a valid token according to [RFC2616],
96 bool IsValidToken(const std::string
& value
) {
100 // Check that |value| has no separators.
101 std::string separators
= "()<>@,;:\\\"/[]?={} \t";
102 if (value
.find_first_of(separators
) != std::string::npos
)
105 // Check that |value| has no CTLs.
106 for (std::string::const_iterator i
= value
.begin(); i
!= value
.end(); ++i
) {
107 if ((*i
>= 0 && *i
<= 31) || *i
>= 127)
114 // Validate value, which may be according to RFC 6265
115 // cookie-value = *cookie-octet / ( DQUOTE *cookie-octet DQUOTE )
116 // cookie-octet = %x21 / %x23-2B / %x2D-3A / %x3C-5B / %x5D-7E
117 // ; US-ASCII characters excluding CTLs,
118 // ; whitespace DQUOTE, comma, semicolon,
120 bool IsValidCookieValue(const std::string
& value
) {
121 // Number of characters to skip in validation at beginning and end of string.
123 if (value
.size() >= 2 && *value
.begin() == '"' && *(value
.end()-1) == '"')
125 for (std::string::const_iterator i
= value
.begin() + skip
;
126 i
!= value
.end() - skip
; ++i
) {
129 (*i
>= 0x23 && *i
<= 0x2B) ||
130 (*i
>= 0x2D && *i
<= 0x3A) ||
131 (*i
>= 0x3C && *i
<= 0x5B) ||
132 (*i
>= 0x5D && *i
<= 0x7E));
139 bool IsControlCharacter(unsigned char c
) {
140 return (c
>= 0) && (c
<= 31);
143 bool IsValidCookieAttributeValue(const std::string
& value
) {
144 // The greatest common denominator of cookie attribute values is
145 // <any CHAR except CTLs or ";"> according to RFC 6265.
146 for (std::string::const_iterator i
= value
.begin(); i
!= value
.end(); ++i
) {
147 if (IsControlCharacter(*i
) || *i
== ';')
157 ParsedCookie::ParsedCookie(const std::string
& cookie_line
)
166 if (cookie_line
.size() > kMaxCookieSize
) {
167 VLOG(1) << "Not parsing cookie, too large: " << cookie_line
.size();
171 ParseTokenValuePairs(cookie_line
);
176 ParsedCookie::~ParsedCookie() {
179 bool ParsedCookie::IsValid() const {
180 return !pairs_
.empty();
183 CookiePriority
ParsedCookie::Priority() const {
184 return (priority_index_
== 0) ? COOKIE_PRIORITY_DEFAULT
:
185 StringToCookiePriority(pairs_
[priority_index_
].second
);
188 bool ParsedCookie::SetName(const std::string
& name
) {
189 if (!IsValidToken(name
))
192 pairs_
.push_back(std::make_pair("", ""));
193 pairs_
[0].first
= name
;
197 bool ParsedCookie::SetValue(const std::string
& value
) {
198 if (!IsValidCookieValue(value
))
201 pairs_
.push_back(std::make_pair("", ""));
202 pairs_
[0].second
= value
;
206 bool ParsedCookie::SetPath(const std::string
& path
) {
207 return SetString(&path_index_
, kPathTokenName
, path
);
210 bool ParsedCookie::SetDomain(const std::string
& domain
) {
211 return SetString(&domain_index_
, kDomainTokenName
, domain
);
214 bool ParsedCookie::SetExpires(const std::string
& expires
) {
215 return SetString(&expires_index_
, kExpiresTokenName
, expires
);
218 bool ParsedCookie::SetMaxAge(const std::string
& maxage
) {
219 return SetString(&maxage_index_
, kMaxAgeTokenName
, maxage
);
222 bool ParsedCookie::SetIsSecure(bool is_secure
) {
223 return SetBool(&secure_index_
, kSecureTokenName
, is_secure
);
226 bool ParsedCookie::SetIsHttpOnly(bool is_http_only
) {
227 return SetBool(&httponly_index_
, kHttpOnlyTokenName
, is_http_only
);
230 bool ParsedCookie::SetPriority(const std::string
& priority
) {
231 return SetString(&priority_index_
, kPriorityTokenName
, priority
);
234 std::string
ParsedCookie::ToCookieLine() const {
236 for (PairList::const_iterator it
= pairs_
.begin();
237 it
!= pairs_
.end(); ++it
) {
240 out
.append(it
->first
);
241 if (it
->first
!= kSecureTokenName
&& it
->first
!= kHttpOnlyTokenName
) {
243 out
.append(it
->second
);
249 std::string::const_iterator
ParsedCookie::FindFirstTerminator(
250 const std::string
& s
) {
251 std::string::const_iterator end
= s
.end();
253 s
.find_first_of(std::string(kTerminator
, kTerminatorLen
));
254 if (term_pos
!= std::string::npos
) {
255 // We found a character we should treat as an end of string.
256 end
= s
.begin() + term_pos
;
261 bool ParsedCookie::ParseToken(std::string::const_iterator
* it
,
262 const std::string::const_iterator
& end
,
263 std::string::const_iterator
* token_start
,
264 std::string::const_iterator
* token_end
) {
265 DCHECK(it
&& token_start
&& token_end
);
266 std::string::const_iterator token_real_end
;
268 // Seek past any whitespace before the "token" (the name).
269 // token_start should point at the first character in the token
270 if (SeekPast(it
, end
, kWhitespace
))
271 return false; // No token, whitespace or empty.
274 // Seek over the token, to the token separator.
275 // token_real_end should point at the token separator, i.e. '='.
276 // If it == end after the seek, we probably have a token-value.
277 SeekTo(it
, end
, kTokenSeparator
);
278 token_real_end
= *it
;
280 // Ignore any whitespace between the token and the token separator.
281 // token_end should point after the last interesting token character,
282 // pointing at either whitespace, or at '=' (and equal to token_real_end).
283 if (*it
!= *token_start
) { // We could have an empty token name.
284 --(*it
); // Go back before the token separator.
285 // Skip over any whitespace to the first non-whitespace character.
286 SeekBackPast(it
, *token_start
, kWhitespace
);
292 // Seek us back to the end of the token.
293 *it
= token_real_end
;
297 void ParsedCookie::ParseValue(std::string::const_iterator
* it
,
298 const std::string::const_iterator
& end
,
299 std::string::const_iterator
* value_start
,
300 std::string::const_iterator
* value_end
) {
301 DCHECK(it
&& value_start
&& value_end
);
303 // Seek past any whitespace that might in-between the token and value.
304 SeekPast(it
, end
, kWhitespace
);
305 // value_start should point at the first character of the value.
308 // Just look for ';' to terminate ('=' allowed).
309 // We can hit the end, maybe they didn't terminate.
310 SeekTo(it
, end
, kValueSeparator
);
312 // Will be pointed at the ; seperator or the end.
315 // Ignore any unwanted whitespace after the value.
316 if (*value_end
!= *value_start
) { // Could have an empty value
318 SeekBackPast(value_end
, *value_start
, kWhitespace
);
323 std::string
ParsedCookie::ParseTokenString(const std::string
& token
) {
324 std::string::const_iterator it
= token
.begin();
325 std::string::const_iterator end
= FindFirstTerminator(token
);
327 std::string::const_iterator token_start
, token_end
;
328 if (ParseToken(&it
, end
, &token_start
, &token_end
))
329 return std::string(token_start
, token_end
);
330 return std::string();
333 std::string
ParsedCookie::ParseValueString(const std::string
& value
) {
334 std::string::const_iterator it
= value
.begin();
335 std::string::const_iterator end
= FindFirstTerminator(value
);
337 std::string::const_iterator value_start
, value_end
;
338 ParseValue(&it
, end
, &value_start
, &value_end
);
339 return std::string(value_start
, value_end
);
342 // Parse all token/value pairs and populate pairs_.
343 void ParsedCookie::ParseTokenValuePairs(const std::string
& cookie_line
) {
346 // Ok, here we go. We should be expecting to be starting somewhere
347 // before the cookie line, not including any header name...
348 std::string::const_iterator start
= cookie_line
.begin();
349 std::string::const_iterator it
= start
;
351 // TODO(erikwright): Make sure we're stripping \r\n in the network code.
352 // Then we can log any unexpected terminators.
353 std::string::const_iterator end
= FindFirstTerminator(cookie_line
);
355 for (int pair_num
= 0; pair_num
< kMaxPairs
&& it
!= end
; ++pair_num
) {
358 std::string::const_iterator token_start
, token_end
;
359 if (!ParseToken(&it
, end
, &token_start
, &token_end
))
362 if (it
== end
|| *it
!= '=') {
363 // We have a token-value, we didn't have any token name.
365 // For the first time around, we want to treat single values
366 // as a value with an empty name. (Mozilla bug 169091).
367 // IE seems to also have this behavior, ex "AAA", and "AAA=10" will
368 // set 2 different cookies, and setting "BBB" will then replace "AAA".
370 // Rewind to the beginning of what we thought was the token name,
371 // and let it get parsed as a value.
374 // Any not-first attribute we want to treat a value as a
375 // name with an empty value... This is so something like
376 // "secure;" will get parsed as a Token name, and not a value.
377 pair
.first
= std::string(token_start
, token_end
);
380 // We have a TOKEN=VALUE.
381 pair
.first
= std::string(token_start
, token_end
);
382 ++it
; // Skip past the '='.
385 // OK, now try to parse a value.
386 std::string::const_iterator value_start
, value_end
;
387 ParseValue(&it
, end
, &value_start
, &value_end
);
389 // OK, we're finished with a Token/Value.
390 pair
.second
= std::string(value_start
, value_end
);
392 // From RFC2109: "Attributes (names) (attr) are case-insensitive."
394 base::StringToLowerASCII(&pair
.first
);
395 // Ignore Set-Cookie directives contaning control characters. See
396 // http://crbug.com/238041.
397 if (!IsValidCookieAttributeValue(pair
.first
) ||
398 !IsValidCookieAttributeValue(pair
.second
)) {
403 pairs_
.push_back(pair
);
405 // We've processed a token/value pair, we're either at the end of
406 // the string or a ValueSeparator like ';', which we want to skip.
412 void ParsedCookie::SetupAttributes() {
413 // Ignore Set-Cookie directive where name and value are both empty.
414 if (pairs_
[0].first
.empty() && pairs_
[0].second
.empty()) {
419 // We skip over the first token/value, the user supplied one.
420 for (size_t i
= 1; i
< pairs_
.size(); ++i
) {
421 if (pairs_
[i
].first
== kPathTokenName
) {
423 } else if (pairs_
[i
].first
== kDomainTokenName
) {
425 } else if (pairs_
[i
].first
== kExpiresTokenName
) {
427 } else if (pairs_
[i
].first
== kMaxAgeTokenName
) {
429 } else if (pairs_
[i
].first
== kSecureTokenName
) {
431 } else if (pairs_
[i
].first
== kHttpOnlyTokenName
) {
433 } else if (pairs_
[i
].first
== kPriorityTokenName
) {
436 /* some attribute we don't know or don't care about. */
441 bool ParsedCookie::SetString(size_t* index
,
442 const std::string
& key
,
443 const std::string
& value
) {
445 ClearAttributePair(*index
);
448 return SetAttributePair(index
, key
, value
);
452 bool ParsedCookie::SetBool(size_t* index
,
453 const std::string
& key
,
456 ClearAttributePair(*index
);
459 return SetAttributePair(index
, key
, std::string());
463 bool ParsedCookie::SetAttributePair(size_t* index
,
464 const std::string
& key
,
465 const std::string
& value
) {
466 if (!(IsValidToken(key
) && IsValidCookieAttributeValue(value
)))
471 pairs_
[*index
].second
= value
;
473 pairs_
.push_back(std::make_pair(key
, value
));
474 *index
= pairs_
.size() - 1;
479 void ParsedCookie::ClearAttributePair(size_t index
) {
480 // The first pair (name/value of cookie at pairs_[0]) cannot be cleared.
481 // Cookie attributes that don't have a value at the moment, are represented
482 // with an index being equal to 0.
486 size_t* indexes
[] = { &path_index_
, &domain_index_
, &expires_index_
,
487 &maxage_index_
, &secure_index_
, &httponly_index_
,
489 for (size_t i
= 0; i
< arraysize(indexes
); ++i
) {
490 if (*indexes
[i
] == index
)
492 else if (*indexes
[i
] > index
)
495 pairs_
.erase(pairs_
.begin() + index
);