diff options
| author | Aldo Cortesi <aldo@nullcube.com> | 2016-09-28 12:44:40 +1000 |
|---|---|---|
| committer | Aldo Cortesi <aldo@nullcube.com> | 2016-09-28 12:44:40 +1000 |
| commit | b21f076cc81c67ec9e65b57c6c41ad5b395e6f51 (patch) | |
| tree | 0b43424db6aeeda4df8d5a5b9a387ffb9ce8f877 /netlib/http | |
| parent | 1ed0dbddbcf22e703e0f6abb22e3b2e84dac0c7f (diff) | |
| parent | fba7fe101e0bec7bb6b10362477274caa523d54e (diff) | |
| download | mitmproxy-b21f076cc81c67ec9e65b57c6c41ad5b395e6f51.tar.gz mitmproxy-b21f076cc81c67ec9e65b57c6c41ad5b395e6f51.tar.bz2 mitmproxy-b21f076cc81c67ec9e65b57c6c41ad5b395e6f51.zip | |
Merge branch 'multi-cookie' of https://github.com/dufferzafar/mitmproxy
Diffstat (limited to 'netlib/http')
| -rw-r--r-- | netlib/http/cookies.py | 234 | ||||
| -rw-r--r-- | netlib/http/response.py | 2 |
2 files changed, 144 insertions, 92 deletions
diff --git a/netlib/http/cookies.py b/netlib/http/cookies.py index 1421d8eb..a3ac4806 100644 --- a/netlib/http/cookies.py +++ b/netlib/http/cookies.py @@ -14,12 +14,9 @@ information. Duplicate cookies are preserved in parsing, and can be set in formatting. We do attempt to escape and quote values where needed, but will not reject data that violate the specs. -Parsing accepts the formats in RFC6265 and partially RFC2109 and RFC2965. We do -not parse the comma-separated variant of Set-Cookie that allows multiple -cookies to be set in a single header. Technically this should be feasible, but -it turns out that violations of RFC6265 that makes the parsing problem -indeterminate are much more common than genuine occurences of the multi-cookie -variants. Serialization follows RFC6265. +Parsing accepts the formats in RFC6265 and partially RFC2109 and RFC2965. We +also parse the comma-separated variant of Set-Cookie that allows multiple +cookies to be set in a single header. Serialization follows RFC6265. http://tools.ietf.org/html/rfc6265 http://tools.ietf.org/html/rfc2109 @@ -31,8 +28,21 @@ _cookie_params = set(( 'secure', 'httponly', 'version', )) +ESCAPE = re.compile(r"([\"\\])") + + +class CookieAttrs(multidict.ImmutableMultiDict): + @staticmethod + def _kconv(key): + return key.lower() -# TODO: Disallow LHS-only Cookie values + @staticmethod + def _reduce_values(values): + # See the StickyCookieTest for a weird cookie that only makes sense + # if we take the last part. + return values[-1] + +SetCookie = collections.namedtuple("SetCookie", ["value", "attrs"]) def _read_until(s, start, term): @@ -47,13 +57,6 @@ def _read_until(s, start, term): return s[start:i + 1], i + 1 -def _read_token(s, start): - """ - Read a token - the LHS of a token/value pair in a cookie. - """ - return _read_until(s, start, ";=") - - def _read_quoted_string(s, start): """ start: offset to the first quote of the string to be read @@ -81,12 +84,16 @@ def _read_quoted_string(s, start): return "".join(ret), i + 1 +def _read_key(s, start, delims=";="): + """ + Read a key - the LHS of a token/value pair in a cookie. + """ + return _read_until(s, start, delims) + + def _read_value(s, start, delims): """ Reads a value - the RHS of a token/value pair in a cookie. - - special: If the value is special, commas are premitted. Else comma - terminates. This helps us support old and new style values. """ if start >= len(s): return "", start @@ -96,27 +103,82 @@ def _read_value(s, start, delims): return _read_until(s, start, delims) -def _read_pairs(s, off=0): +def _read_cookie_pairs(s, off=0): """ - Read pairs of lhs=rhs values. + Read pairs of lhs=rhs values from Cookie headers. off: start offset - specials: a lower-cased list of keys that may contain commas """ - vals = [] + pairs = [] + + while True: + lhs, off = _read_key(s, off) + lhs = lhs.lstrip() + + if lhs: + rhs = None + if off < len(s) and s[off] == "=": + rhs, off = _read_value(s, off + 1, ";") + + pairs.append([lhs, rhs]) + + off += 1 + + if not off < len(s): + break + + return pairs, off + + +def _read_set_cookie_pairs(s, off=0): + """ + Read pairs of lhs=rhs values from SetCookie headers while handling multiple cookies. + + off: start offset + specials: attributes that are treated specially + """ + cookies = [] + pairs = [] + while True: - lhs, off = _read_token(s, off) + lhs, off = _read_key(s, off, ";=,") lhs = lhs.lstrip() + if lhs: rhs = None - if off < len(s): - if s[off] == "=": - rhs, off = _read_value(s, off + 1, ";") - vals.append([lhs, rhs]) + if off < len(s) and s[off] == "=": + rhs, off = _read_value(s, off + 1, ";,") + + # Special handliing of attributes + if lhs.lower() == "expires": + # 'expires' values can contain commas in them so they need to + # be handled separately. + + # We actually bank on the fact that the expires value WILL + # contain a comma. Things will fail, if they don't. + + # '3' is just a heuristic we use to determine whether we've + # only read a part of the expires value and we should read more. + if len(rhs) <= 3: + trail, off = _read_value(s, off + 1, ";,") + rhs = rhs + "," + trail + + pairs.append([lhs, rhs]) + + # comma marks the beginning of a new cookie + if off < len(s) and s[off] == ",": + cookies.append(pairs) + pairs = [] + off += 1 + if not off < len(s): break - return vals, off + + if pairs or not cookies: + cookies.append(pairs) + + return cookies, off def _has_special(s): @@ -129,15 +191,12 @@ def _has_special(s): return False -ESCAPE = re.compile(r"([\"\\])") - - -def _format_pairs(lst, specials=(), sep="; "): +def _format_pairs(pairs, specials=(), sep="; "): """ specials: A lower-cased list of keys that will not be quoted. """ vals = [] - for k, v in lst: + for k, v in pairs: if v is None: vals.append(k) else: @@ -155,85 +214,78 @@ def _format_set_cookie_pairs(lst): ) -def _parse_set_cookie_pairs(s): +def parse_cookie_header(line): """ - For Set-Cookie, we support multiple cookies as described in RFC2109. - This function therefore returns a list of lists. + Parse a Cookie header value. + Returns a list of (lhs, rhs) tuples. """ - pairs, off_ = _read_pairs(s) + pairs, off_ = _read_cookie_pairs(line) return pairs -def parse_set_cookie_headers(headers): - ret = [] - for header in headers: - v = parse_set_cookie_header(header) - if v: - name, value, attrs = v - ret.append((name, SetCookie(value, attrs))) - return ret - - -class CookieAttrs(multidict.ImmutableMultiDict): - @staticmethod - def _kconv(key): - return key.lower() - - @staticmethod - def _reduce_values(values): - # See the StickyCookieTest for a weird cookie that only makes sense - # if we take the last part. - return values[-1] +def parse_cookie_headers(cookie_headers): + cookie_list = [] + for header in cookie_headers: + cookie_list.extend(parse_cookie_header(header)) + return cookie_list -SetCookie = collections.namedtuple("SetCookie", ["value", "attrs"]) +def format_cookie_header(lst): + """ + Formats a Cookie header value. + """ + return _format_pairs(lst) def parse_set_cookie_header(line): """ Parse a Set-Cookie header value - Returns a (name, value, attrs) tuple, or None, where attrs is an - CookieAttrs dict of attributes. No attempt is made to parse attribute - values - they are treated purely as strings. + Returns a list of (name, value, attrs) tuple for each cokie, or None. + Where attrs is a CookieAttrs dict of attributes. No attempt is made + to parse attribute values - they are treated purely as strings. """ - pairs = _parse_set_cookie_pairs(line) - if pairs: - return pairs[0][0], pairs[0][1], CookieAttrs(tuple(x) for x in pairs[1:]) + cookie_pairs, off = _read_set_cookie_pairs(line) + cookies = [ + (pairs[0][0], pairs[0][1], CookieAttrs(tuple(x) for x in pairs[1:])) + for pairs in cookie_pairs if pairs + ] -def format_set_cookie_header(name, value, attrs): - """ - Formats a Set-Cookie header value. - """ - pairs = [(name, value)] - pairs.extend( - attrs.fields if hasattr(attrs, "fields") else attrs - ) - return _format_set_cookie_pairs(pairs) + if cookies: + return cookies + else: + return None -def parse_cookie_headers(cookie_headers): - cookie_list = [] - for header in cookie_headers: - cookie_list.extend(parse_cookie_header(header)) - return cookie_list +def parse_set_cookie_headers(headers): + rv = [] + for header in headers: + cookies = parse_set_cookie_header(header) + if cookies: + for name, value, attrs in cookies: + rv.append((name, SetCookie(value, attrs))) + return rv -def parse_cookie_header(line): +def format_set_cookie_header(set_cookies): """ - Parse a Cookie header value. - Returns a list of (lhs, rhs) tuples. + Formats a Set-Cookie header value. """ - pairs, off_ = _read_pairs(line) - return pairs + rv = [] -def format_cookie_header(lst): - """ - Formats a Cookie header value. - """ - return _format_pairs(lst) + for set_cookie in set_cookies: + name, value, attrs = set_cookie + + pairs = [(name, value)] + pairs.extend( + attrs.fields if hasattr(attrs, "fields") else attrs + ) + + rv.append(_format_set_cookie_pairs(pairs)) + + return ", ".join(rv) def refresh_set_cookie_header(c, delta): @@ -245,7 +297,7 @@ def refresh_set_cookie_header(c, delta): A refreshed Set-Cookie string """ - name, value, attrs = parse_set_cookie_header(c) + name, value, attrs = parse_set_cookie_header(c)[0] if not name or not value: raise ValueError("Invalid Cookie") @@ -263,10 +315,10 @@ def refresh_set_cookie_header(c, delta): # For now, we just ignore this. attrs = attrs.with_delitem("expires") - ret = format_set_cookie_header(name, value, attrs) - if not ret: + rv = format_set_cookie_header([(name, value, attrs)]) + if not rv: raise ValueError("Invalid Cookie") - return ret + return rv def get_expiration_ts(cookie_attrs): diff --git a/netlib/http/response.py b/netlib/http/response.py index 385e233a..ec19640d 100644 --- a/netlib/http/response.py +++ b/netlib/http/response.py @@ -155,7 +155,7 @@ class Response(message.Message): def _set_cookies(self, value): cookie_headers = [] for k, v in value: - header = cookies.format_set_cookie_header(k, v[0], v[1]) + header = cookies.format_set_cookie_header([(k, v[0], v[1])]) cookie_headers.append(header) self.headers.set_all("set-cookie", cookie_headers) |