classification
Title: cookielib.CookieJar.make_cookies fails for cookies with 'expires' set
Type: behavior Stage: test needed
Components: Library (Lib) Versions: Python 3.5, Python 3.4, Python 2.7
process
Status: open Resolution:
Dependencies: Superseder:
Assigned To: Nosy List: BreamoreBoy, Scott.Wimer, demian.brecht, jcea, orsenthil, r.david.murray, terry.reedy
Priority: normal Keywords: patch

Created on 2011-05-22 02:58 by Scott.Wimer, last changed 2014-06-17 22:07 by terry.reedy.

Files
File name Uploaded Description Edit
cookielib-crash.py Scott.Wimer, 2011-05-22 02:58 Trigger the bug.
cookielib-crash.patch Scott.Wimer, 2011-05-22 03:09 Patch to fix cookielib.py to handle expires header in make_cookies.
cookiejar_12144.patch demian.brecht, 2013-02-27 01:56 Update on latest source, from project root. review
Messages (8)
msg136497 - (view) Author: Scott Wimer (Scott.Wimer) Date: 2011-05-22 02:58
When cookielib.CookieJar().make_cookies is used to extract cookies from a urllib2 response, it crashes when it encounters a 'Set-Cookie' header entry that has an 'expires' attribute.

This crash occurs because the expires time is evaluated against the '_now' attribute of the CookieJar instance -- an attribute which is not set unless CookieJar().extract_cookies() was called previously.

Attached is a script that triggers this bug.
msg136498 - (view) Author: Scott Wimer (Scott.Wimer) Date: 2011-05-22 03:07
The actual error is triggered by line 1507 in '_cookie_from_cookie_tuple()'.

An easy fix is to move the setting of '_now' on line 1636 into the 'make_cookies()' method.

That addresses this problem and doesn't look like it would introduce any negative side effects.
msg136499 - (view) Author: Scott Wimer (Scott.Wimer) Date: 2011-05-22 03:09
Forgot to include the patch. Oops.
msg136580 - (view) Author: Jesús Cea Avión (jcea) * (Python committer) Date: 2011-05-23 00:16
Could you possibly test the bug in Python 2.7, 3.1, 3.2 and current 3.3 branch?.

Python 2.6 is open for security fixes only, I think.
msg137151 - (view) Author: Terry J. Reedy (terry.reedy) * (Python committer) Date: 2011-05-28 20:08
Exceptions with traceback are ordinary behavior issues. 'Crash' means segfault or equivalent on Windows. And Jesus is correct.

In general, include system with reports.
With 3.2.0 IDLE on Winxp, adjusted 3.x code

import urllib.request as ur, http.cookiejar as ck
cookie_jar = ck.CookieJar()
request = ur.Request('http://gdyn.cnn.com/1.1/1.gif?1301540335193')
conn = ur.urlopen(request)
cookie_jar.make_cookies(conn, request)

produces essentially same traceback ending in AttributeError.
I did not try the patch.
msg183105 - (view) Author: Demian Brecht (demian.brecht) * (Python triager) Date: 2013-02-27 01:56
I was able to repro this with Terry's steps on latest hg update. I've taken Scott's patch and updated it to diff from source root (his was pointing to /usr/lib) against the latest. The patch fixes the issue and I also can't see any negative knock-ons that may be caused by applying it.
msg220882 - (view) Author: Mark Lawrence (BreamoreBoy) * Date: 2014-06-17 20:39
Can someone review the patch please.
msg220905 - (view) Author: Terry J. Reedy (terry.reedy) * (Python committer) Date: 2014-06-17 22:07
As I marked in the Stage setting 3 yrs ago, the patch needs a test, in particular a acceptible unittest. I doubt that cnn.com qualifies. Senthil? David?

Perhaps we should have a test.python.org for use by tests, with oscure urls that return just what is needed for tests.

In 3.x, a new test should go in test_http_cookiejar.py.
History
Date User Action Args
2014-06-17 22:07:40terry.reedysetnosy: + orsenthil, r.david.murray
messages: + msg220905
2014-06-17 20:39:02BreamoreBoysetnosy: + BreamoreBoy

messages: + msg220882
versions: + Python 3.4, Python 3.5, - Python 3.2, Python 3.3
2013-02-27 01:56:14demian.brechtsetfiles: + cookiejar_12144.patch

messages: + msg183105
2013-02-27 01:39:22demian.brechtsetnosy: + demian.brecht
2011-05-28 20:08:16terry.reedysetversions: + Python 2.7, Python 3.2, Python 3.3, - Python 2.6
nosy: + terry.reedy

messages: + msg137151

type: crash -> behavior
stage: test needed
2011-05-23 00:16:22jceasetmessages: + msg136580
2011-05-23 00:14:11jceasetnosy: + jcea
2011-05-22 03:09:41Scott.Wimersetfiles: + cookielib-crash.patch
keywords: + patch
messages: + msg136499
2011-05-22 03:07:55Scott.Wimersetmessages: + msg136498
2011-05-22 02:58:44Scott.Wimercreate