def test_invalid_cookie_from_string(self):
cookie = "_cookie_session1234c12d4p312341243"
self.assertIsNone(utils.cookie_from_string(cookie))
cookie = "_cookie_session==1234c12d4p312341243"
self.assertIsNone(utils.cookie_from_string(cookie))
cookie = "_cookie_session:123s234c1234d12"
self.assertIsNone(utils.cookie_from_string(cookie))
def test_invalid_cookie_from_string(self):
cookie = "_cookie_session1234c12d4p312341243"
self.assertIsNone(utils.cookie_from_string(cookie))
cookie = "_cookie_session==1234c12d4p312341243"
self.assertIsNone(utils.cookie_from_string(cookie))
cookie = "_cookie_session:123s234c1234d12"
self.assertIsNone(utils.cookie_from_string(cookie))
def test_strict_cookies(self):
valid_cookie = '_cookie_session="1234c12d4p=312341243";' \
'expires=Thu, 29 Jan 2015 13:51:41 GMT; httponly;' \
'secure;Path=/gitlab'
self.assertDictContainsSubset(
{
'expires': 'Thu, 29 Jan 2015 13:51:41 GMT',
'value': '1234c12d4p=312341243',
},
utils.cookie_from_string(valid_cookie, strict_cookies=True),
)
invalid_cookie = "_cookie_session:xyz"
self.assertIsNone(utils.cookie_from_string(invalid_cookie,
strict_cookies=True))
def test_strict_cookies(self):
valid_cookie = '_cookie_session="1234c12d4p=312341243";' \
'expires=Thu, 29 Jan 2015 13:51:41 GMT; httponly;' \
'secure;Path=/gitlab'
self.assertDictContainsSubset(
{
'expires': 'Thu, 29 Jan 2015 13:51:41 GMT',
'value': '1234c12d4p=312341243',
},
utils.cookie_from_string(valid_cookie, strict_cookies=True),
)
invalid_cookie = "_cookie_session:xyz"
self.assertIsNone(
utils.cookie_from_string(invalid_cookie, strict_cookies=True))
def test_get_dict_in_cookie_from_string(self):
cookie = "_cookie_session = 1266bb13c139cfba3ed1c9c68110bae9;" \
"expires=Thu, 29 Jan 2015 13:51:41 -0000; httponly;" \
"Path=/gitlab"
my_dict = utils.cookie_from_string(cookie)
self.assertIs(type(my_dict), dict)
def test_get_dict_in_cookie_from_string(self):
cookie = "_cookie_session = 1266bb13c139cfba3ed1c9c68110bae9;" \
"expires=Thu, 29 Jan 2015 13:51:41 -0000; httponly;" \
"Path=/gitlab"
my_dict = utils.cookie_from_string(cookie)
self.assertIs(type(my_dict), dict)
def test_quoted_value_cookies(self):
valid_cookie = '_cookie_session="1234c12d4p=312341243";' \
'expires=Thu, 29 Jan 2015 13:51:41 GMT; httponly;' \
'secure;Path="/gitlab"'
self.assertDictContainsSubset(
{
'expires': 'Thu, 29 Jan 2015 13:51:41 GMT',
'value': '1234c12d4p=312341243',
'path': '/gitlab',
},
utils.cookie_from_string(valid_cookie),
)
def test_quoted_value_cookies(self):
valid_cookie = '_cookie_session="1234c12d4p=312341243";' \
'expires=Thu, 29 Jan 2015 13:51:41 GMT; httponly;' \
'secure;Path="/gitlab"'
self.assertDictContainsSubset(
{
'expires': 'Thu, 29 Jan 2015 13:51:41 GMT',
'value': '1234c12d4p=312341243',
'path': '/gitlab',
},
utils.cookie_from_string(valid_cookie),
)
def test_invalid_attr_cookie_from_string(self):
cookie = "_cookie=2j3d4k35f466l7fj9;path=/;None;"
self.assertNotIn("None", utils.cookie_from_string(cookie))
self.assertIn("value", utils.cookie_from_string(cookie))
self.assertIn("2j3d4k35f466l7fj9", utils.cookie_from_string(cookie)["value"])
self.assertIn("key", utils.cookie_from_string(cookie))
self.assertIn("_cookie", utils.cookie_from_string(cookie)["key"])
self.assertIn("path", utils.cookie_from_string(cookie))
self.assertIn("/", utils.cookie_from_string(cookie)["path"])
def test_invalid_attr_cookie_from_string(self):
cookie = "_cookie=2j3d4k35f466l7fj9;path=/;None;"
self.assertNotIn('None', utils.cookie_from_string(cookie))
self.assertIn('value', utils.cookie_from_string(cookie))
self.assertIn('2j3d4k35f466l7fj9',
utils.cookie_from_string(cookie)['value'])
self.assertIn('key', utils.cookie_from_string(cookie))
self.assertIn('_cookie', utils.cookie_from_string(cookie)['key'])
self.assertIn('path', utils.cookie_from_string(cookie))
self.assertIn('/', utils.cookie_from_string(cookie)['path'])
def test_invalid_attr_cookie_from_string(self):
cookie = "_cookie=2j3d4k35f466l7fj9;path=/;None;"
self.assertNotIn('None', utils.cookie_from_string(cookie))
self.assertIn('value', utils.cookie_from_string(cookie))
self.assertIn('2j3d4k35f466l7fj9',
utils.cookie_from_string(cookie)['value'])
self.assertIn('key', utils.cookie_from_string(cookie))
self.assertIn('_cookie',
utils.cookie_from_string(cookie)['key'])
self.assertIn('path', utils.cookie_from_string(cookie))
self.assertIn('/', utils.cookie_from_string(cookie)['path'])
def get_django_response(proxy_response, strict_cookies=False):
"""This method is used to create an appropriate response based on the
Content-Length of the proxy_response. If the content is bigger than
MIN_STREAMING_LENGTH, which is found on utils.py,
than django.http.StreamingHttpResponse will be created,
else a django.http.HTTPResponse will be created instead
:param proxy_response: An Instance of urllib3.response.HTTPResponse that
will create an appropriate response
:param strict_cookies: Whether to only accept RFC-compliant cookies
:returns: Returns an appropriate response based on the proxy_response
content-length
"""
status = proxy_response.status
headers = proxy_response.headers
logger.debug("Proxy response headers: %s", headers)
content_type = headers.get("Content-Type")
logger.debug("Content-Type: %s", content_type)
if should_stream(proxy_response):
logger.info("Content-Length is bigger than %s", DEFAULT_AMT)
s = proxy_response.stream(DEFAULT_AMT)
response = StreamingHttpResponse(s, status=status, content_type=content_type)
else:
content = proxy_response.data or b""
response = HttpResponse(content, status=status, content_type=content_type)
logger.info("Normalizing response headers")
set_response_headers(response, headers)
logger.debug("Response headers: %s", getattr(response, "_headers"))
cookies = proxy_response.headers.getlist("set-cookie")
logger.info("Checking for invalid cookies")
for cookie_string in cookies:
cookie_dict = cookie_from_string(cookie_string, strict_cookies=strict_cookies)
# if cookie is invalid cookie_dict will be None
if cookie_dict:
response.set_cookie(**cookie_dict)
logger.debug("Response cookies: %s", response.cookies)
return response
def test_None_value_cookie_from_string(self):
cookie = "_cookie_session="
self.assertIn("_cookie_session", utils.cookie_from_string(cookie)["key"])
self.assertIn("", utils.cookie_from_string(cookie)["value"])
def test_valid_attr_in_cookie_from_string(self):
cookie = (
"_cookie_session=1266bb13c139cfba3ed1c9c68110bae9;"
"expires=Thu, 29 Jan 2015 13:51:41 -0000; httponly;"
"secure;Path=/gitlab"
)
self.assertIn("path", utils.cookie_from_string(cookie))
self.assertIn("/", utils.cookie_from_string(cookie)["path"])
self.assertIn("expires", utils.cookie_from_string(cookie))
self.assertIn("Thu, 29 Jan 2015 13:51:41 -0000", utils.cookie_from_string(cookie)["expires"])
self.assertIn("httponly", utils.cookie_from_string(cookie))
self.assertTrue(utils.cookie_from_string(cookie)["httponly"])
self.assertIn("secure", utils.cookie_from_string(cookie))
self.assertTrue(utils.cookie_from_string(cookie)["secure"])
self.assertIn("value", utils.cookie_from_string(cookie))
self.assertIn("1266bb13c139cfba3ed1c9c68110bae9", utils.cookie_from_string(cookie)["value"])
self.assertIn("key", utils.cookie_from_string(cookie))
self.assertIn("_cookie_session", utils.cookie_from_string(cookie)["key"])
def test_value_exeption_cookie_from_string(self):
cookie = "_cookie=k2j3l;path=/,comment=teste;httponly"
self.assertIsNotNone(utils.cookie_from_string(cookie))
def test_ignore_comment_cookie_from_string(self):
cookie = "_cookie=k2j3l;path=/;comment=this is a new comment;secure"
self.assertNotIn('comment', utils.cookie_from_string(cookie))
def test_valid_attr_in_cookie_from_string(self):
cookie = "_cookie_session=1266bb13c139cfba3ed1c9c68110bae9;" \
"expires=Thu, 29 Jan 2015 13:51:41 -0000; httponly;" \
"secure;Path=/gitlab;max-age=60;samesite=lax"
self.assertIn('path', utils.cookie_from_string(cookie))
self.assertIn('/', utils.cookie_from_string(cookie)['path'])
self.assertIn('expires', utils.cookie_from_string(cookie))
self.assertIn('Thu, 29 Jan 2015 13:51:41 -0000',
utils.cookie_from_string(cookie)['expires'])
self.assertIn('httponly', utils.cookie_from_string(cookie))
self.assertTrue(utils.cookie_from_string(cookie)['httponly'])
self.assertIn('secure', utils.cookie_from_string(cookie))
self.assertTrue(utils.cookie_from_string(cookie)['secure'])
self.assertIn('samesite', utils.cookie_from_string(cookie))
self.assertIn('lax', utils.cookie_from_string(cookie)['samesite'])
self.assertIn('max_age', utils.cookie_from_string(cookie))
self.assertIn('60', utils.cookie_from_string(cookie)['max_age'])
self.assertIn('value', utils.cookie_from_string(cookie))
self.assertIn('1266bb13c139cfba3ed1c9c68110bae9',
utils.cookie_from_string(cookie)['value'])
self.assertIn('key', utils.cookie_from_string(cookie))
self.assertIn('_cookie_session',
utils.cookie_from_string(cookie)['key'])
def test_None_value_cookie_from_string(self):
cookie = "_cookie_session="
self.assertIn('_cookie_session',
utils.cookie_from_string(cookie)['key'])
self.assertIn('',
utils.cookie_from_string(cookie)['value'])
def test_valid_attr_in_cookie_from_string(self):
cookie = "_cookie_session=1266bb13c139cfba3ed1c9c68110bae9;" \
"expires=Thu, 29 Jan 2015 13:51:41 -0000; httponly;" \
"secure;Path=/gitlab"
self.assertIn('path', utils.cookie_from_string(cookie))
self.assertIn('/', utils.cookie_from_string(cookie)['path'])
self.assertIn('expires', utils.cookie_from_string(cookie))
self.assertIn('Thu, 29 Jan 2015 13:51:41 -0000',
utils.cookie_from_string(cookie)['expires'])
self.assertIn('httponly', utils.cookie_from_string(cookie))
self.assertTrue(utils.cookie_from_string(cookie)['httponly'])
self.assertIn('secure', utils.cookie_from_string(cookie))
self.assertTrue(utils.cookie_from_string(cookie)['secure'])
self.assertIn('value', utils.cookie_from_string(cookie))
self.assertIn('1266bb13c139cfba3ed1c9c68110bae9',
utils.cookie_from_string(cookie)['value'])
self.assertIn('key', utils.cookie_from_string(cookie))
self.assertIn('_cookie_session',
utils.cookie_from_string(cookie)['key'])
def test_None_value_cookie_from_string(self):
cookie = "_cookie_session="
self.assertIn('_cookie_session',
utils.cookie_from_string(cookie)['key'])
self.assertIn('', utils.cookie_from_string(cookie)['value'])
def test_value_exeption_cookie_from_string(self):
cookie = "_cookie=k2j3l;path=/,comment=teste;httponly"
self.assertIsNotNone(utils.cookie_from_string(cookie))
def test_ignore_comment_cookie_from_string(self):
cookie = "_cookie=k2j3l;path=/;comment=this is a new comment;secure"
self.assertNotIn('comment', utils.cookie_from_string(cookie))
