Drop cookie value unescaping, close AsyncHttpClient#858

Author: slandelle

src/main/java/com/ning/http/client/cookie/Cookie.java

@@ -14,7 +14,7 @@
 
 public class Cookie {
 
-    public static Cookie newValidCookie(String name, String value, String domain, String rawValue, String path, long expires, int maxAge, boolean secure, boolean httpOnly) {
+    public static Cookie newValidCookie(String name, String value, boolean wrap, String domain, String path, long expires, int maxAge, boolean secure, boolean httpOnly) {
 
         if (name == null) {
             throw new NullPointerException("name");
@@ -56,7 +56,7 @@ public static Cookie newValidCookie(String name, String value, String domain, St
         domain = validateValue("domain", domain);
         path = validateValue("path", path);
 
-        return new Cookie(name, value, rawValue, domain, path, expires, maxAge, secure, httpOnly);
+        return new Cookie(name, value, wrap, domain, path, expires, maxAge, secure, httpOnly);
     }
 
     private static String validateValue(String name, String value) {
@@ -84,18 +84,18 @@ private static String validateValue(String name, String value) {
 
     private final String name;
     private final String value;
-    private final String rawValue;
+    private final boolean wrap;
     private final String domain;
     private final String path;
     private long expires;
     private final int maxAge;
     private final boolean secure;
     private final boolean httpOnly;
 
-    public Cookie(String name, String value, String rawValue, String domain, String path, long expires, int maxAge, boolean secure, boolean httpOnly) {
+    public Cookie(String name, String value, boolean wrap, String domain, String path, long expires, int maxAge, boolean secure, boolean httpOnly) {
         this.name = name;
         this.value = value;
-        this.rawValue = rawValue;
+        this.wrap = wrap;
         this.domain = domain;
         this.path = path;
         this.expires = expires;
@@ -116,8 +116,8 @@ public String getValue() {
         return value;
     }
 
-    public String getRawValue() {
-        return rawValue;
+    public boolean isWrap() {
+        return wrap;
     }
 
     public String getPath() {
@@ -145,7 +145,10 @@ public String toString() {
         StringBuilder buf = new StringBuilder();
         buf.append(name);
         buf.append('=');
-        buf.append(rawValue);
+        if (wrap)
+            buf.append('"').append(value).append('"');
+        else
+            buf.append(value);
         if (domain != null) {
             buf.append("; domain=");
             buf.append(domain);

src/main/java/com/ning/http/client/cookie/CookieDecoder.java

@@ -12,23 +12,36 @@
  */
 package com.ning.http.client.cookie;
 
-import com.ning.http.util.StringUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.nio.CharBuffer;
+
+import static com.ning.http.client.cookie.CookieUtil.*;
 
 public class CookieDecoder {
 
+    private static final Logger LOGGER = LoggerFactory.getLogger(CookieDecoder.class);
+    
     /**
      * Decodes the specified HTTP header value into {@link Cookie}.
      * 
      * @return the decoded {@link Cookie}
      */
     public static Cookie decode(String header) {
 
-        if (header.length() == 0)
+        if (header == null) {
+            throw new NullPointerException("header");
+        }
+
+        final int headerLen = header.length();
+
+        if (headerLen == 0) {
             return null;
+        }
 
-        KeyValuePairsParser pairsParser = new KeyValuePairsParser();
+        CookieBuilder cookieBuilder = null;
 
-        final int headerLen = header.length();
         loop: for (int i = 0;;) {
 
             // Skip spaces and separators.
@@ -49,111 +62,193 @@ public static Cookie decode(String header) {
                 break;
             }
 
-            int newNameStart = i;
-            int newNameEnd = i;
-            String value;
-            String rawValue;
+            int nameBegin = i;
+            int nameEnd = i;
+            int valueBegin = -1;
+            int valueEnd = -1;
 
-            if (i == headerLen) {
-                value = rawValue = null;
-            } else {
+            if (i != headerLen) {
                 keyValLoop: for (;;) {
 
                     char curChar = header.charAt(i);
                     if (curChar == ';') {
                         // NAME; (no value till ';')
-                        newNameEnd = i;
-                        value = rawValue = null;
+                        nameEnd = i;
+                        valueBegin = valueEnd = -1;
                         break keyValLoop;
+
                     } else if (curChar == '=') {
                         // NAME=VALUE
-                        newNameEnd = i;
+                        nameEnd = i;
                         i++;
                         if (i == headerLen) {
                             // NAME= (empty value, i.e. nothing after '=')
-                            value = rawValue = "";
+                            valueBegin = valueEnd = 0;
                             break keyValLoop;
                         }
 
-                        int newValueStart = i;
-                        char c = header.charAt(i);
-                        if (c == '"' || c == '\'') {
-                            // NAME="VALUE" or NAME='VALUE'
-                            StringBuilder newValueBuf = StringUtils.stringBuilder();
-
-                            int rawValueStart = i;
-                            int rawValueEnd = i;
-
-                            final char q = c;
-                            boolean hadBackslash = false;
-                            i++;
-                            for (;;) {
-                                if (i == headerLen) {
-                                    value = newValueBuf.toString();
-                                    // only need to compute raw value for cookie
-                                    // value which is at most in 2nd position
-                                    rawValue = header.substring(rawValueStart, rawValueEnd);
-                                    break keyValLoop;
-                                }
-                                if (hadBackslash) {
-                                    hadBackslash = false;
-                                    c = header.charAt(i++);
-                                    rawValueEnd = i;
-                                    switch (c) {
-                                    case '\\':
-                                    case '"':
-                                    case '\'':
-                                        // Escape last backslash.
-                                        newValueBuf.setCharAt(newValueBuf.length() - 1, c);
-                                        break;
-                                    default:
-                                        // Do not escape last backslash.
-                                        newValueBuf.append(c);
-                                    }
-                                } else {
-                                    c = header.charAt(i++);
-                                    rawValueEnd = i;
-                                    if (c == q) {
-                                        value = newValueBuf.toString();
-                                        // only need to compute raw value for
-                                        // cookie value which is at most in 2nd
-                                        // position
-                                        rawValue = header.substring(rawValueStart, rawValueEnd);
-                                        break keyValLoop;
-                                    }
-                                    newValueBuf.append(c);
-                                    if (c == '\\') {
-                                        hadBackslash = true;
-                                    }
-                                }
-                            }
-                        } else {
-                            // NAME=VALUE;
-                            int semiPos = header.indexOf(';', i);
-                            if (semiPos > 0) {
-                                value = rawValue = header.substring(newValueStart, semiPos);
-                                i = semiPos;
-                            } else {
-                                value = rawValue = header.substring(newValueStart);
-                                i = headerLen;
-                            }
-                        }
+                        valueBegin = i;
+                        // NAME=VALUE;
+                        int semiPos = header.indexOf(';', i);
+                        valueEnd = i = semiPos > 0 ? semiPos : headerLen;
                         break keyValLoop;
                     } else {
                         i++;
                     }
 
                     if (i == headerLen) {
                         // NAME (no value till the end of string)
-                        newNameEnd = headerLen;
-                        value = rawValue = null;
+                        nameEnd = headerLen;
+                        valueBegin = valueEnd = -1;
                         break;
                     }
                 }
             }
 
-            pairsParser.parseKeyValuePair(header, newNameStart, newNameEnd, value, rawValue);
+            if (valueEnd > 0 && header.charAt(valueEnd - 1) == ',') {
+                // old multiple cookies separator, skipping it
+                valueEnd--;
+            }
+
+            if (cookieBuilder == null) {
+                // cookie name-value pair
+                if (nameBegin == -1 || nameBegin == nameEnd) {
+                    LOGGER.debug("Skipping cookie with null name");
+                    return null;
+                }
+
+                if (valueBegin == -1) {
+                    LOGGER.debug("Skipping cookie with null value");
+                    return null;
+                }
+
+                CharSequence wrappedValue = CharBuffer.wrap(header, valueBegin, valueEnd);
+                CharSequence unwrappedValue = unwrapValue(wrappedValue);
+                if (unwrappedValue == null) {
+                    LOGGER.debug("Skipping cookie because starting quotes are not properly balanced in '{}'", unwrappedValue);
+                    return null;
+                }
+
+                final String name = header.substring(nameBegin, nameEnd);
+
+                final boolean wrap = unwrappedValue.length() != valueEnd - valueBegin;
+
+                cookieBuilder = new CookieBuilder(name, unwrappedValue.toString(), wrap);
+
+            } else {
+                // cookie attribute
+                String attrValue = valueBegin == -1 ? null : header.substring(valueBegin, valueEnd);
+                cookieBuilder.appendAttribute(header, nameBegin, nameEnd, attrValue);
+            }
+        }
+        return cookieBuilder.cookie();
+    }
+
+    private static class CookieBuilder {
+
+        private static final String PATH = "Path";
+
+        private static final String EXPIRES = "Expires";
+
+        private static final String MAX_AGE = "Max-Age";
+
+        private static final String DOMAIN = "Domain";
+
+        private static final String SECURE = "Secure";
+
+        private static final String HTTPONLY = "HTTPOnly";
+
+        private final String name;
+        private final String value;
+        private final boolean wrap;
+        private String domain;
+        private String path;
+        private int maxAge = Integer.MIN_VALUE;
+        private String expires;
+        private boolean secure;
+        private boolean httpOnly;
+
+        public CookieBuilder(String name, String value, boolean wrap) {
+            this.name = name;
+            this.value = value;
+            this.wrap = wrap;
+        }
+
+        public Cookie cookie() {
+            return new Cookie(name, value, wrap, domain, path, computeExpires(expires), maxAge, secure, httpOnly);
+        }
+
+        /**
+         * Parse and store a key-value pair. First one is considered to be the
+         * cookie name/value. Unknown attribute names are silently discarded.
+         *
+         * @param header
+         *            the HTTP header
+         * @param keyStart
+         *            where the key starts in the header
+         * @param keyEnd
+         *            where the key ends in the header
+         * @param value
+         *            the decoded value
+         */
+        public void appendAttribute(String header, int keyStart, int keyEnd, String value) {
+            setCookieAttribute(header, keyStart, keyEnd, value);
+        }
+
+        private void setCookieAttribute(String header, int keyStart, int keyEnd, String value) {
+
+            int length = keyEnd - keyStart;
+
+            if (length == 4) {
+                parse4(header, keyStart, value);
+            } else if (length == 6) {
+                parse6(header, keyStart, value);
+            } else if (length == 7) {
+                parse7(header, keyStart, value);
+            } else if (length == 8) {
+                parse8(header, keyStart, value);
+            }
+        }
+
+        private void parse4(String header, int nameStart, String value) {
+            if (header.regionMatches(true, nameStart, PATH, 0, 4)) {
+                path = value;
+            }
+        }
+
+        private void parse6(String header, int nameStart, String value) {
+            if (header.regionMatches(true, nameStart, DOMAIN, 0, 5)) {
+                domain = value.length() > 0 ? value.toString() : null;
+            } else if (header.regionMatches(true, nameStart, SECURE, 0, 5)) {
+                secure = true;
+            }
+        }
+
+        private void setExpire(String value) {
+            expires = value;
+        }
+
+        private void setMaxAge(String value) {
+            try {
+                maxAge = Math.max(Integer.valueOf(value), 0);
+            } catch (NumberFormatException e1) {
+                // ignore failure to parse -> treat as session cookie
+            }
+        }
+
+        private void parse7(String header, int nameStart, String value) {
+            if (header.regionMatches(true, nameStart, EXPIRES, 0, 7)) {
+                setExpire(value);
+            } else if (header.regionMatches(true, nameStart, MAX_AGE, 0, 7)) {
+                setMaxAge(value);
+            }
+        }
+
+        private void parse8(String header, int nameStart, String value) {
+
+            if (header.regionMatches(true, nameStart, HTTPONLY, 0, 8)) {
+                httpOnly = true;
+            }
         }
-        return pairsParser.cookie();
     }
 }