search

Kong / unirest-java

Unirest in Java: Simplified, lightweight HTTP client library.
http://kong.github.io/unirest-java/
MIT License
2.6k stars 592 forks source link

ArrayIndexOutOfBoundsException when parsing cookie #331

Closed Masterzach32 closed 4 years ago

Masterzach32 commented 4 years ago

Describe the bug When parsing a cookie with no value, an ArrayIndexOutOfBoundsException is thrown for example: SignOnDefault=; domain=.admin.virginia.edu; path=/; HttpOnly

To Reproduce

val request = Unirest.post("https://sisuva.admin.virginia.edu/psc/ihprd/UVSS/SA/s/WEBLIB_HCX_CM.H_CLASS_SEARCH.FieldFormula.IScript_ClassSearch?institution=UVA01&term=1202&date_from=01%2F01%2F1971&date_thru=12%2F31%2F2200&subject=CHEM&catalog_nbr=&time_range=0%2C23.5&days=&campus=&location=&acad_career=&acad_group=&rqmnt_designtn=&instruction_mode=&keyword=&class_nbr=&acad_org=CHEM&enrl_stat=&crse_attr=&crse_attr_value=&instructor_name=&session_code=&units=&page=1")
val response = request.asJson()
val cookies = response.cookies // error thrown here

Expected behavior Cookie is parsed normally, and has an empty/blank String object as its value

Environmental Data:

Additional context Error is occurring here when parsing cookie. Since the name/value pair of the cookie is split around = and no text follows, sub has only 1 value.

private Cookie(String[] split){
    int pos = 0;
    for(String s : split){
        if(pos == 0){
            String[] sub = s.split("=");
            name = sub[0];
            value = getDecode(sub[1]);
        } else {
            String[] sub = s.split("=");
            parseSection(sub);
        }
        pos++;     
    }
}

I can make a PR that changes it to this, which fixes the issue

private Cookie(String[] split){
    int pos = 0;
    for(String s : split){
        if(pos == 0){
            String[] sub = s.split("=");
            name = sub[0];
            if (sub.length == 2)
                value = getDecode(sub[1]);
            else // cookie that has no value
                value = "";
        } else {
            String[] sub = s.split("=");
            parseSection(sub);
        }
        pos++;     
    }
}

Has anyone else encountered this?

ryber commented 4 years ago

Huh, I've never seen a cookie that had no value at all. Weird. Is that even allowed? Well regardless we can certainly handle it. If you want to open a PR feel free but please include tests.

ryber commented 4 years ago

Huh, as expected, the spec is vague about the idea of a value being null (unsurprising as the various cookie RFCs are all a train wreck), but I did find another thing we don't handle. The value can be double quote-encased.

ryber commented 4 years ago

@Masterzach32 https://github.com/Kong/unirest-java/commit/3c4eb8a78d8dd682209e58e3e3747de7ecbc1ee4

Should have a release soon, there some other cookie parsing issues I want to address first

ryber commented 4 years ago

3.4.01 should be in mvn central in about 20 minutes