From 544d3945e3ea25b147507167fb2225b6756f9aae Mon Sep 17 00:00:00 2001
From: Daniel McQuiston
Date: Tue, 17 Apr 2018 21:38:24 -0600
Subject: [PATCH 1/4] Fix issue when parsing invalid cookies
---
 cookiejar.js | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)
diff --git a/cookiejar.js b/cookiejar.js
index 2afe2e7..05c148e 100644
--- a/cookiejar.js
+++ b/cookiejar.js
@@ -67,11 +67,16 @@
 if (this instanceof Cookie) {
 var parts = str.split(";").filter(function (value) {
 return !!value;
- }),
- pair = parts[0].match(/([^=]+)=([\s\S]*)/),
- key = pair[1],
- value = pair[2],
- i;
+ });
+ var i;
+
+ var pair = parts[0].match(/([^=]+)=([\s\S]*)/);
+ if (!pair) return;
+
+ var key = pair[1];
+ var value = pair[2];
+ if (!key || !value) return;
+
 this.name = key;
 this.value = value;
 
From 46dabdc8700a75b11b9b5edce4af760b0ed29cce Mon Sep 17 00:00:00 2001
From: Daniel McQuiston
Date: Thu, 24 May 2018 20:41:46 -0600
Subject: [PATCH 2/4] Warn when cookie header is invalid
---
 cookiejar.js | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/cookiejar.js b/cookiejar.js
index 05c148e..7e17dbe 100644
--- a/cookiejar.js
+++ b/cookiejar.js
@@ -71,11 +71,17 @@
 var i;
 
 var pair = parts[0].match(/([^=]+)=([\s\S]*)/);
- if (!pair) return;
+ if (!pair) {
+ console.warn(`Invalid cookie header encountered. Header: '${str}'`)
+ return;
+ }
 
 var key = pair[1];
 var value = pair[2];
- if (!key || !value) return;
+ if (!key || !value) {
+ console.warn(`Unable to extract values from cookie header. Cookie: '${str}'`)
+ return;
+ }
 
 this.name = key;
 this.value = value;
From e25d7256e8587f8d8894600cf068c0ee22fd10a9 Mon Sep 17 00:00:00 2001
From: Daniel McQuiston
Date: Thu, 24 May 2018 20:46:54 -0600
Subject: [PATCH 3/4] Fix code to conform to jshint rules
---
 cookiejar.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/cookiejar.js b/cookiejar.js
index 7e17dbe..a19be10 100644
--- a/cookiejar.js
+++ b/cookiejar.js
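Review bot: In patch 1/4, `parts[0].match(...)` still throws a TypeError when `str` is empty or holds only semicolons, because the `filter` in the context lines drops every empty piece and can leave `parts` with no elements; the added `if (!pair) return;` runs only after that call. A guard ahead of the match closes the gap: `if (parts.length === 0) return;`. The pattern `/([^=]+)=([\s\S]*)/` is also retried from every offset when the piece contains no `=`, so a very long header of that shape costs time that grows roughly quadratically with its length; locating the separator with `parts[0].indexOf("=")` and slicing would keep the parse linear. The enclosing function starts and ends outside the hunk.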
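Review bot: Both `console.warn` calls added in patch 2/4 write the whole raw header `str` to the log, and a header that fails name parsing can still carry a session token or attacker-chosen bytes such as newlines that forge extra log lines. Reporting only that a header was rejected keeps credentials and untrusted text out of application logs, e.g. `console.warn("Invalid cookie header encountered; header ignored (length " + str.length + ")");`. The same two messages are kept, with only the quoting changed, by the hunk in patch 3/4 and appear as context in patch 4/4. Since this is library code, an unconditional console write also leaves callers no way to silence or route the message. The enclosing function starts and ends outside the hunk.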
@@ -72,14 +72,14 @@
 
 var pair = parts[0].match(/([^=]+)=([\s\S]*)/);
 if (!pair) {
- console.warn(`Invalid cookie header encountered. Header: '${str}'`)
+ console.warn("Invalid cookie header encountered. Header: '"+str+"'");
 return;
 }
 
 var key = pair[1];
 var value = pair[2];
 if (!key || !value) {
- console.warn(`Unable to extract values from cookie header. Cookie: '${str}'`)
+ console.warn("Unable to extract values from cookie header. Cookie: '"+str+"'");
 return;
 }
 
From 1730d38946b9ec90c9cd98c4506d1e7337afb4f7 Mon Sep 17 00:00:00 2001
From: Daniel McQuiston
Date: Thu, 24 May 2018 21:22:11 -0600
Subject: [PATCH 4/4] Make bad cookie logic more obvious on what it is checking for
---
 cookiejar.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/cookiejar.js b/cookiejar.js
index a19be10..d5969e4 100644
--- a/cookiejar.js
+++ b/cookiejar.js
@@ -78,7 +78,7 @@
 
 var key = pair[1];
 var value = pair[2];
- if (!key || !value) {
+ if ( typeof key !== 'string' || key.length === 0 || typeof value !== 'string' ) {
 console.warn("Unable to extract values from cookie header. Cookie: '"+str+"'");
 return;
 }
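Review bot: The rewritten condition in patch 4/4 can never be true, so the warning branch under it is dead code: once `pair` is non-null, `pair[1]` comes from `([^=]+)` and is always a non-empty string, and `pair[2]` comes from `([\s\S]*)` and is always a string. Either drop the branch or make it test something the regex does not already guarantee, for example a name made only of whitespace: `if (key.trim().length === 0) {`. If the branch stays as a defensive check, a comment such as `// unreachable while the regex above requires a non-empty name` would spare the next reader the same analysis. The padded `if ( ... )` spacing also differs from the `if (!pair) {` style used a few lines earlier in the same function. The enclosing function starts and ends outside the hunk.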