Survive illegal cookie values in parser

Only extract the legal part, but quietly drop the rest. Closes #171.
croservices · May 5, 2022 · 2dca3f5 · 2dca3f5
1 parent 0cf2829
commit 2dca3f5
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 2 deletions.
diff --git a/lib/Cro/HTTP/Cookie.pm6 b/lib/Cro/HTTP/Cookie.pm6
@@ -40,7 +40,11 @@ grammar Cro::HTTP::Cookie::CookieString {
     my @same-site-opts = Cro::HTTP::Cookie::SameSite.enums.values;
 
     token TOP          { <cookie-pair> [';' ' '? <cookie-av> ]* }
-    token cookie-pair  { <cookie-name> '=' <cookie-value> }
+    token cookie-pair  { <cookie-name> '=' <cookie-value> <.drop-illegal-post-value> }
+    token drop-illegal-post-value {
+        # Cope with illegal (per-RFC) things that trail the cookie value.
+        <-[;]>*
+    }
     proto token cookie-av {*}
           token cookie-av:sym<expires>   { :i 'Expires=' [ <dt=DateTime::Parse::Grammar::rfc1123-date>    |
                                                            <dt=DateTime::Parse::Grammar::rfc850-date>     |
@@ -81,7 +85,7 @@ class Cro::HTTP::Cookie::CookieBuilder {
     }
 
     method cookie-pair($/) {
-        make $/.split('=')
+        make (~$<cookie-name>, ~$<cookie-value>)
     }
 
     method !data-deal($str) {

diff --git a/t/http-cookie.t b/t/http-cookie.t
@@ -121,4 +121,9 @@ is $cookie.path, '/', 'Correct path after extension';
 ok $cookie.secure, 'Secure parsed after extension';
 is-deeply $cookie.extensions, { :Version('1') }, 'Extensions are parsed and extracted also';
 
+$cookie = Cro::HTTP::Cookie.from-set-cookie: 'Authorization=Bearer xxx.xxx.xxx; path=/';
+is $cookie.name, 'Authorization', 'Correct cookie name when illegal whitespace in value';
+is $cookie.value, 'Bearer', 'Cookie value parsed up to illegal whitespace';
+is $cookie.path, '/', 'Recovered to parse path after illegal cookie value';
+
 done-testing;