Beispiel #1
0
    def test_two_component_domain_ns(self):
        # Netscape: .www.bar.com, www.bar.com, .bar.com, bar.com, no domain
        # should all get accepted, as should .acme.com, acme.com and no domain
        # for 2-component domains like acme.com.
        c = CookieJar()

        # two-component V0 domain is OK
        interact_netscape(c, "http://foo.net/", 'ns=bar')
        self.assertEquals(len(c), 1)
        self.assertEquals(c._cookies["foo.net"]["/"]["ns"].value, "bar")
        self.assertEquals(interact_netscape(c, "http://foo.net/"), "ns=bar")
        # *will* be returned to any other domain (unlike RFC 2965)...
        self.assertEquals(interact_netscape(c, "http://www.foo.net/"),
                          "ns=bar")
        # ...unless requested otherwise
        pol = DefaultCookiePolicy(
            strict_ns_domain=DefaultCookiePolicy.DomainStrictNonDomain)
        c.set_policy(pol)
        self.assertEquals(interact_netscape(c, "http://www.foo.net/"), "")

        # unlike RFC 2965, even explicit two-component domain is OK,
        # because .foo.net matches foo.net
        interact_netscape(c, "http://foo.net/foo/",
                          'spam1=eggs; domain=foo.net')
        # even if starts with a dot -- in NS rules, .foo.net matches foo.net!
        interact_netscape(c, "http://foo.net/foo/bar/",
                          'spam2=eggs; domain=.foo.net')
        self.assertEquals(len(c), 3)
        self.assertEquals(c._cookies[".foo.net"]["/foo"]["spam1"].value,
                          "eggs")
        self.assertEquals(c._cookies[".foo.net"]["/foo/bar"]["spam2"].value,
                          "eggs")
        self.assertEquals(interact_netscape(c, "http://foo.net/foo/bar/"),
                          "spam2=eggs; spam1=eggs; ns=bar")

        # top-level domain is too general
        interact_netscape(c, "http://foo.net/", 'nini="ni"; domain=.net')
        self.assertEquals(len(c), 3)

##         # Netscape protocol doesn't allow non-special top level domains (such
##         # as co.uk) in the domain attribute unless there are at least three
##         # dots in it.
        # Oh yes it does!  Real implementations don't check this, and real
        # cookies (of course) rely on that behaviour.
        interact_netscape(c, "http://foo.co.uk", 'nasty=trick; domain=.co.uk')
##         self.assertEquals(len(c), 2)
        self.assertEquals(len(c), 4)
Beispiel #2
0
 def test_secure(self):
     for ns in True, False:
         for whitespace in " ", "":
             c = CookieJar()
             if ns:
                 pol = DefaultCookiePolicy(rfc2965=False)
                 int = interact_netscape
                 vs = ""
             else:
                 pol = DefaultCookiePolicy(rfc2965=True)
                 int = interact_2965
                 vs = "; Version=1"
             c.set_policy(pol)
             url = "http://www.acme.com/"
             int(c, url, "foo1=bar%s%s" % (vs, whitespace))
             int(c, url, "foo2=bar%s; secure%s" %  (vs, whitespace))
             self.assert_(
                 not c._cookies["www.acme.com"]["/"]["foo1"].secure,
                 "non-secure cookie registered secure")
             self.assert_(
                 c._cookies["www.acme.com"]["/"]["foo2"].secure,
                 "secure cookie registered non-secure")