[ruby/cgi] Check cookie name/path/domain characters

https://hackerone.com/reports/1204977 https://github.com/ruby/cgi/commit/30107a4797
author: Nobuyoshi Nakada <nobu@ruby-lang.org> 2022-08-16 18:36:12 +0900
committer: git <svn-admin@ruby-lang.org> 2022-11-22 02:00:10 +0000
commit: c05f85f373ed48594d9bf08e11ae0c84c06062f7 (patch)
tree: 3570c9348f62857ee80c23c3532c009cc8220584 /test/cgi
parent: cf05c202ce7716748c4f2f9c24b52fe7f12d40fc (diff)
1 files changed, 64 insertions, 0 deletions
diff --git a/test/cgi/test_cgi_cookie.rb b/test/cgi/test_cgi_cookie.rb
index 985cc0d7a1..2f09d0f9b2 100644
--- a/test/cgi/test_cgi_cookie.rb
+++ b/test/cgi/test_cgi_cookie.rb
@@ -118,6 +118,70 @@ class CGICookieTest < Test::Unit::TestCase
   end
 
 
+  def test_cgi_cookie_domain_injection_into_name
+    name = "a=b; domain=example.com;"
+    path = "/"
+    domain = "example.jp"
+    assert_raise(ArgumentError) do
+      CGI::Cookie.new('name' => name,
+                      'value' => "value",
+                      'domain' => domain,
+                      'path' => path)
+    end
+  end
+
+
+  def test_cgi_cookie_newline_injection_into_name
+    name = "a=b;\r\nLocation: http://example.com#"
+    path = "/"
+    domain = "example.jp"
+    assert_raise(ArgumentError) do
+      CGI::Cookie.new('name' => name,
+                      'value' => "value",
+                      'domain' => domain,
+                      'path' => path)
+    end
+  end
+
+
+  def test_cgi_cookie_multibyte_injection_into_name
+    name = "a=b;\u3042"
+    path = "/"
+    domain = "example.jp"
+    assert_raise(ArgumentError) do
+      CGI::Cookie.new('name' => name,
+                      'value' => "value",
+                      'domain' => domain,
+                      'path' => path)
+    end
+  end
+
+
+  def test_cgi_cookie_injection_into_path
+    name = "name"
+    path = "/; samesite=none"
+    domain = "example.jp"
+    assert_raise(ArgumentError) do
+      CGI::Cookie.new('name' => name,
+                      'value' => "value",
+                      'domain' => domain,
+                      'path' => path)
+    end
+  end
+
+
+  def test_cgi_cookie_injection_into_domain
+    name = "name"
+    path = "/"
+    domain = "example.jp; samesite=none"
+    assert_raise(ArgumentError) do
+      CGI::Cookie.new('name' => name,
+                      'value' => "value",
+                      'domain' => domain,
+                      'path' => path)
+    end
+  end
+
 
   instance_methods.each do |method|
     private method if method =~ /^test_(.*)/ && $1 != ENV['TEST']
author	Nobuyoshi Nakada <nobu@ruby-lang.org>	2022-08-16 18:36:12 +0900
committer	git <svn-admin@ruby-lang.org>	2022-11-22 02:00:10 +0000
commit	c05f85f373ed48594d9bf08e11ae0c84c06062f7 (patch)
tree	3570c9348f62857ee80c23c3532c009cc8220584 /test/cgi
parent	cf05c202ce7716748c4f2f9c24b52fe7f12d40fc (diff)