Validate cookie name (#278)

Validate that the cookie name passes Go's isCookieNameValid check
tanuck 2016-07-19 20:51:25 +01:00 committed by Jehiah Czebotar
parent 17f412e407
commit c015075996
2 changed files with 25 additions and 0 deletions


@ -4,6 +4,7 @@ import (
"crypto" "crypto"
"encoding/base64" "encoding/base64"
"fmt" "fmt"
"net/http"
"net/url" "net/url"
"os" "os"
"regexp" "regexp"
@ -200,6 +201,7 @@ func (o *Options) Validate() error {
} }
msgs = parseSignatureKey(o, msgs) msgs = parseSignatureKey(o, msgs)
msgs = validateCookieName(o, msgs)
if len(msgs) != 0 { if len(msgs) != 0 {
return fmt.Errorf("Invalid configuration:\n %s", return fmt.Errorf("Invalid configuration:\n %s",
@ -261,6 +263,14 @@ func parseSignatureKey(o *Options, msgs []string) []string {
return msgs return msgs
} }
func validateCookieName(o *Options, msgs []string) []string {
cookie := &http.Cookie{Name: o.CookieName}
if cookie.String() == "" {
return append(msgs, fmt.Sprintf("invalid cookie name: %q", o.CookieName))
}
return msgs
}
func addPadding(secret string) string { func addPadding(secret string) string {
padding := len(secret) % 4 padding := len(secret) % 4
switch padding { switch padding {
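Review bot: In `validateCookieName`, the validity test is indirect and undocumented: it builds an `http.Cookie` and treats an empty `cookie.String()` as "name rejected". That relies on net/http returning an empty string for a name that fails its unexported name check, which a later reader cannot see from this code. A comment above the `if` would make this clear, for example `// http.Cookie.String returns "" when the name fails net/http's cookie-name check; such a cookie would never be sent.` It is also worth stating in the function's doc comment that an empty `CookieName` is reported as invalid by the same path, since that is probably the most common misconfiguration. On a toolchain that has `(*http.Cookie).Valid()`, the returned error could be appended to `msgs` so the operator sees why the name was refused.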


@ -2,6 +2,7 @@ package main
import ( import (
"crypto" "crypto"
"fmt"
"net/url" "net/url"
"strings" "strings"
"testing" "testing"
@ -216,3 +217,17 @@ func TestValidateSignatureKeyUnsupportedAlgorithm(t *testing.T) {
assert.Equal(t, err.Error(), "Invalid configuration:\n"+ assert.Equal(t, err.Error(), "Invalid configuration:\n"+
" unsupported signature hash algorithm: "+o.SignatureKey) " unsupported signature hash algorithm: "+o.SignatureKey)
} }
func TestValidateCookie(t *testing.T) {
o := testOptions()
o.CookieName = "_valid_cookie_name"
assert.Equal(t, nil, o.Validate())
}
func TestValidateCookieBadName(t *testing.T) {
o := testOptions()
o.CookieName = "_bad_cookie_name{}"
err := o.Validate()
assert.Equal(t, err.Error(), "Invalid configuration:\n"+
fmt.Sprintf(" invalid cookie name: %q", o.CookieName))
}