Message 337632 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	xtreak
Recipients	benjamin.peterson, larry, martin.panter, miss-islington, ned.deily, orsenthil, serhiy.storchaka, xtreak
Date	2019-03-10.18:37:34
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1552243055.29.0.709423155611.issue35647@roundup.psfhosted.org>
In-reply-to

Content
The backport to 3.5 might require manual work since I used f-strings for tests that are not present in 3.5 and below. 2.7 is also affected and as I backported the tests and cookie set with path=/foo is sent on request to /foobad/foo . The module is present under Lib/cookielb.py and might also require a different backport. Since this applies RFC 6265 definition that is more stricter and concrete than RFC 2965 I am not sure if this might break someone's code though there is a bug in the paths to which the cookie is sent. I am adding Larry and Benjamin who can take a call on backport and if a backport is needed I will be happy to open respective PRs. The code in 2.7 also performs the same prefix match at https://github.com/python/cpython/blob/55438d713978a1913ef12c8a801848626228aad6/Lib/cookielib.py#L1182 that was fixed as per RFC 6265 . def path_return_ok(self, path, request): _debug("- checking cookie path=%s", path) req_path = request_path(request) if not req_path.startswith(path): _debug(" %s does not path-match %s", req_path, path) return False return True $ ./python.exe Python 2.7.16+ (remotes/upstream/2.7-dirty:55438d7139, Mar 10 2019, 23:35:15) [GCC 4.2.1 Compatible Apple LLVM 7.0.2 (clang-700.1.81)] on darwin Type "help", "copyright", "credits" or "license" for more information. >>> $ ./python.exe -m unittest -v test.test_cookielib.CookieTests.test_path_prefix_match test_path_prefix_match (test.test_cookielib.CookieTests) ... FAIL ====================================================================== FAIL: test_path_prefix_match (test.test_cookielib.CookieTests) ---------------------------------------------------------------------- Traceback (most recent call last): File "/Users/karthikeyansingaravelan/stuff/python/cpython/Lib/test/test_cookielib.py", line 673, in test_path_prefix_match self.assertNotIn('spam=eggs', h, "cookie set for {0}".format(path)) AssertionError: cookie set for /foobad/foo ---------------------------------------------------------------------- Ran 1 test in 0.010s FAILED (failures=1)

The backport to 3.5 might require manual work since I used f-strings for tests that are not present in 3.5 and below. 2.7 is also affected and as I backported the tests and cookie set with path=/foo is sent on request to /foobad/foo . The module is present under Lib/cookielb.py and might also require a different backport. Since this applies RFC 6265 definition that is more stricter and concrete than RFC 2965 I am not sure if this might break someone's code though there is a bug in the paths to which the cookie is sent. I am adding Larry and Benjamin who can take a call on backport and if a backport is needed I will be happy to open respective PRs.

The code in 2.7 also performs the same prefix match at https://github.com/python/cpython/blob/55438d713978a1913ef12c8a801848626228aad6/Lib/cookielib.py#L1182 that was fixed as per RFC 6265 .

    def path_return_ok(self, path, request):
        _debug("- checking cookie path=%s", path)
        req_path = request_path(request)
        if not req_path.startswith(path):
            _debug("  %s does not path-match %s", req_path, path)
            return False
        return True


$ ./python.exe
Python 2.7.16+ (remotes/upstream/2.7-dirty:55438d7139, Mar 10 2019, 23:35:15)
[GCC 4.2.1 Compatible Apple LLVM 7.0.2 (clang-700.1.81)] on darwin
Type "help", "copyright", "credits" or "license" for more information.
>>>
$ ./python.exe -m unittest -v test.test_cookielib.CookieTests.test_path_prefix_match
test_path_prefix_match (test.test_cookielib.CookieTests) ... FAIL

======================================================================
FAIL: test_path_prefix_match (test.test_cookielib.CookieTests)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/Users/karthikeyansingaravelan/stuff/python/cpython/Lib/test/test_cookielib.py", line 673, in test_path_prefix_match
    self.assertNotIn('spam=eggs', h, "cookie set for {0}".format(path))
AssertionError: cookie set for /foobad/foo

----------------------------------------------------------------------
Ran 1 test in 0.010s

FAILED (failures=1)

History
Date	User	Action	Args
2019-03-10 18:37:35	xtreak	set	recipients: + xtreak, orsenthil, larry, benjamin.peterson, ned.deily, martin.panter, serhiy.storchaka, miss-islington
2019-03-10 18:37:35	xtreak	set	messageid: <1552243055.29.0.709423155611.issue35647@roundup.psfhosted.org>
2019-03-10 18:37:35	xtreak	link	issue35647 messages
2019-03-10 18:37:34	xtreak	create