cossme / grinder

The Grinder, a Java Load Testing Framework

No '=' found for token starting at position 227 #39

Closed MP3GMike closed 4 years ago

MP3GMike commented 4 years ago

Hi,

I have this cookie with HttpOnly:

```
csrf_x=f74735354645575672c37f4; expires=Tue, 16-Jun-2020 13:29:05 GMT; Max-Age=22000; path=/;Secure, x_session=1gasfstertwetr9345835i3mr8jkc5eth; expires=Tue, 16-Jun-2020 19:22:25 GMT; Max-Age=43200; path=/;HttpOnly;Secure
```

and is giving me this error:

```
in call Caused by: java.net.ProtocolException: Bad Set-Cookie header: csrf_habitat=b610d461cd3c0397b3517604a375f2e6; expires=Tue, 16-Jun-2020 13:29:05 GMT; Max-Age=22000; path=/;Secure, Habitat_session=34e2m783bc537vkqfu3o9q9i5hdim7ru; expires=Tue, 16-Jun-2020 19:22:25 GMT; Max-Age=43200; path=/;HttpOnly;Secure No '=' found for token starting at position 227
```

Can you help pls?

I tried to fix the problem in the code, but I have many errors in the build:

```
C:\Users\mchillitupa\git\grinder\grinder-core\src\main\java\net\grinder\console\editor\TextSource.java:52: error: bad use of '>'
```

Can you tell me why? Is it maybe my JDK version?

solcyr commented 4 years ago

Hello,

Could you please provide more details on the issue reproduction? Do you have a unit test that can be added to cover this issue?

For information, the Grinder is still using Java 8 for compilation and there is a known limitation with higher Java versions.

solcyr commented 4 years ago

Could you please check you are using the latest version (and not overloading) grinder-http.jar file? I added your test case to the testsuite and it's passing: https://github.com/cossme/grinder/commit/b486e050f722e007adbc3a94d688c3651864d2c7

MP3GMike commented 4 years ago

Hi, this was the case:

```
Original Cookie: csrf_xxxx=907bdc0226512c6c163ec305eb02b53c; expires=Wed, 17-Jun-2020 08:53:08 GMT; Max-Age=22000; path=/;HttpOnly;Secure, xxxx_session=m2q29qedevbhc75p6g2tq1njh6ebb85q; expires=Wed, 17-Jun-2020 14:46:28 GMT; Max-Age=43200; path=/; HttpOnly;HttpOnly;Secure
```

After parsing, the cookie looks like:

```
Cookie after: csrf_xxxx=907bdc0226512c6c163ec305eb02b53c; expires=Wed, 17-Jun-2020 08:53:08 GMT; Max-Age=22000; path=/;Secure, xxxx_session=m2q29qedevbhc75p6g2tq1njh6ebb85q; expires=Wed, 17-Jun-2020 14:46:28 GMT; Max-Age=43200; path=/;Secure; HttpOnly;
```

So, there are 3 HttpOnly in the original cookie and after the grinder parses, it only removes two and one HttpOnly still remains.

This is the original code in Cookie.java line 168:

```java
set_cookie = set_cookie.replaceAll("(?i);\\s*HttpOnly;",";");
set_cookie = set_cookie.replaceAll("(?i);\\s*HttpOnly,",",");
set_cookie = set_cookie.replaceAll("(?i);\\s*HttpOnly$",";");
```

So I fixed it by adding:

```java
set_cookie = set_cookie.replaceAll("(?i);\\s*HttpOnly;",";");
set_cookie = set_cookie.replaceAll("(?i);\\s*HttpOnly;",";"); // added line: same replacement a second time
set_cookie = set_cookie.replaceAll("(?i);\\s*HttpOnly,",",");
set_cookie = set_cookie.replaceAll("(?i);\\s*HttpOnly$",";");
```

And now it's working. Not beautiful, but it was an urgent fix by 4am.

Can I commit the change?

Regards, Miguel

solcyr commented 4 years ago

Hi,

You can commit in a branch and submit a pull request. Please add a test case as well. I would like to review the whole function because if we follow this logic we can agree on having 3 occurrences of the same header or even more.

Thank you

solcyr commented 4 years ago

Looking better at the code, it appears the Secure header is well managed - multiple occurrences are supported. I changed the code to manage HttpOnly just like Secure. This way you should have cleaner code that works whatever the number of HttpOnly header occurrences and whatever the position (followed by ; , or nothing).

Check out the branch

I will merge later on
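Why the duplicated line in the workaround helps, and one way to strip any number of occurrences in a single pass. This is an added example, not the project's code or the merged fix. The class name, method names, the lookahead pattern and the shortened header are assumptions, and `\\s*` is assumed in all three quoted replacements.

```java
import java.util.regex.Pattern;

public class HttpOnlyStripDemo {

    // The three replacements quoted in the thread (\\s* assumed in each).
    // replaceAll finds non-overlapping matches, so the ';' consumed as the
    // end of one "; HttpOnly;" match cannot also start the next match.
    static String stripSequential(String header) {
        header = header.replaceAll("(?i);\\s*HttpOnly;", ";");
        header = header.replaceAll("(?i);\\s*HttpOnly,", ",");
        header = header.replaceAll("(?i);\\s*HttpOnly$", ";");
        return header;
    }

    // Hypothetical alternative: the lookahead checks the following delimiter
    // (';', ',' or end of input) without consuming it, so a single pass
    // removes any number of adjacent occurrences.
    private static final Pattern HTTP_ONLY = Pattern.compile(
            ";\\s*HttpOnly\\s*(?=[;,]|$)", Pattern.CASE_INSENSITIVE);

    static String stripAll(String header) {
        return HTTP_ONLY.matcher(header).replaceAll("");
    }

    public static void main(String[] args) {
        // Constructed header shaped like the one in the report
        // (values and expiry attributes shortened).
        String header = "csrf_xxxx=abc; path=/;HttpOnly;Secure, "
                + "xxxx_session=def; path=/; HttpOnly;HttpOnly;Secure";

        String sequential = stripSequential(header);
        String lookahead = stripAll(header);

        System.out.println("sequential: " + sequential);
        System.out.println("lookahead:  " + lookahead);

        // One adjacent HttpOnly survives the sequential replacements.
        if (!sequential.toLowerCase().contains("httponly")) {
            throw new AssertionError("expected a leftover HttpOnly");
        }
        if (lookahead.toLowerCase().contains("httponly")) {
            throw new AssertionError("lookahead pattern left an HttpOnly");
        }
    }
}
```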

solcyr commented 4 years ago

Hi Miguel,

I have merged the fix in the 4.0.2-SNAPSHOT branch. Please check it out and let me know!

MP3GMike commented 4 years ago

thanks!