diff options
| -rw-r--r-- | libmproxy/models/http.py | 18 | ||||
| -rw-r--r-- | test/test_flow.py | 5 |
2 files changed, 19 insertions, 4 deletions
diff --git a/libmproxy/models/http.py b/libmproxy/models/http.py index 30863170..dfa3a824 100644 --- a/libmproxy/models/http.py +++ b/libmproxy/models/http.py @@ -354,7 +354,10 @@ class HTTPResponse(MessageMixin, Response): Takes a cookie string c and a time delta in seconds, and returns a refreshed cookie string. """ - c = Cookie.SimpleCookie(str(c)) + try: + c = Cookie.SimpleCookie(str(c)) + except Cookie.CookieError: + raise ValueError("Invalid Cookie") for i in c.values(): if "expires" in i: d = parsedate_tz(i["expires"]) @@ -369,7 +372,10 @@ class HTTPResponse(MessageMixin, Response): # appear to parse this tolerantly - maybe we should too. # For now, we just ignore this. del i["expires"] - return c.output(header="").strip() + ret = c.output(header="").strip() + if not ret: + raise ValueError("Invalid Cookie") + return ret def refresh(self, now=None): """ @@ -394,8 +400,12 @@ class HTTPResponse(MessageMixin, Response): new = mktime_tz(d) + delta self.headers[i] = formatdate(new) c = [] - for i in self.headers.get_all("set-cookie"): - c.append(self._refresh_cookie(i, delta)) + for set_cookie_header in self.headers.get_all("set-cookie"): + try: + refreshed = self._refresh_cookie(set_cookie_header, delta) + except ValueError: + refreshed = set_cookie_header + c.append(refreshed) if c: self.headers.set_all("set-cookie", c) diff --git a/test/test_flow.py b/test/test_flow.py index 1d5cc354..d052a8e8 100644 --- a/test/test_flow.py +++ b/test/test_flow.py @@ -1155,6 +1155,11 @@ class TestResponse: c = "MOO=BAR; Expires=Tue, 08-Mar-2011 00:20:38 GMT; Path=foo.com; Secure" assert "00:21:38" in r._refresh_cookie(c, 60) + # https://github.com/mitmproxy/mitmproxy/issues/773 + c = ">=A" + with tutils.raises(ValueError): + r._refresh_cookie(c, 60) + def test_replace(self): r = HTTPResponse.wrap(netlib.tutils.tresp()) r.headers["Foo"] = "fOo" |