Support deeper levels of subdomains from RFC 6265 #35

markcatley · 2020-05-08T05:30:01Z

Closes #25

houndci-bot · 2020-05-08T05:30:05Z

spec/cookie_validation_spec.rb

      expect(CookieValidation.hostname_reach('github.com')).to be_nil
    end
+    it 'should return nil for a two part tld' do
+      expect(CookieValidation.hostname_reach('co.nz')).to be_nil


Style/StringLiterals: Prefer double-quoted strings unless you need single quotes to avoid extra backslashes for escaping.

houndci-bot · 2020-05-08T05:30:06Z

spec/cookie_validation_spec.rb

    it 'should return nil for a root domain' do
      expect(CookieValidation.hostname_reach('github.com')).to be_nil
    end
+    it 'should return nil for a two part tld' do


Style/StringLiterals: Prefer double-quoted strings unless you need single quotes to avoid extra backslashes for escaping.

houndci-bot · 2020-05-08T05:30:06Z

spec/cookie_validation_spec.rb

-    it 'should not match superdomains, or illegal domains' do
-      expect(CookieValidation.domains_match('.z.foo.com', 'x.y.z.foo.com')).to be_nil
+    it 'should not match tlds, or illegal domains' do
+      expect(CookieValidation.domains_match('.com', 'x.y.z.foo.com')).to be_nil


Style/StringLiterals: Prefer double-quoted strings unless you need single quotes to avoid extra backslashes for escaping.

houndci-bot · 2020-05-08T05:30:06Z

spec/cookie_validation_spec.rb

    end
-    it 'should not match superdomains, or illegal domains' do
-      expect(CookieValidation.domains_match('.z.foo.com', 'x.y.z.foo.com')).to be_nil
+    it 'should not match tlds, or illegal domains' do


Style/StringLiterals: Prefer double-quoted strings unless you need single quotes to avoid extra backslashes for escaping.

houndci-bot · 2020-05-08T05:30:06Z

spec/cookie_validation_spec.rb

    it 'should handle matching a superdomain' do
      expect(CookieValidation.domains_match('.foo.com', 'auth.foo.com')).to eq '.foo.com'
      expect(CookieValidation.domains_match('.y.z.foo.com', 'x.y.z.foo.com')).to eq '.y.z.foo.com'
+      expect(CookieValidation.domains_match('.z.foo.com', 'x.y.z.foo.com')).to eq '.z.foo.com'


Style/StringLiterals: Prefer double-quoted strings unless you need single quotes to avoid extra backslashes for escaping.
Metrics/LineLength: Line is too long. [94/80]

houndci-bot · 2020-05-08T05:30:06Z

spec/cookie_validation_spec.rb

        ['zero.local', '.zero.local', '.local'])
    end
+    it 'should handle multi-part tlds' do
+      expect(CookieValidation.compute_search_domains('http://foo.co.nz/')).to eq(


Style/StringLiterals: Prefer double-quoted strings unless you need single quotes to avoid extra backslashes for escaping.
Metrics/LineLength: Line is too long. [81/80]

houndci-bot · 2020-05-08T05:30:07Z

spec/cookie_validation_spec.rb

      expect(CookieValidation.compute_search_domains('http://zero/')).to eq(
        ['zero.local', '.zero.local', '.local'])
    end
+    it 'should handle multi-part tlds' do


Style/StringLiterals: Prefer double-quoted strings unless you need single quotes to avoid extra backslashes for escaping.

houndci-bot · 2020-05-08T05:30:07Z

spec/cookie_validation_spec.rb

    it 'should handle subdomains' do
      expect(CookieValidation.compute_search_domains('http://www.auth.foo.com/')).to eq(
-        ['www.auth.foo.com', '.www.auth.foo.com', '.auth.foo.com'])
+        ['www.auth.foo.com', '.www.auth.foo.com', '.auth.foo.com', '.foo.com'])


Style/StringLiterals: Prefer double-quoted strings unless you need single quotes to avoid extra backslashes for escaping.
Layout/MultilineMethodCallBraceLayout: Closing method call brace must be on the line after the last argument when opening brace is on a separate line from the first argument.

houndci-bot · 2020-05-08T05:30:07Z

lib/cookiejar/cookie_validation.rb

      host = host.downcase
      match = BASE_HOSTNAME.match host
-      match[1] if match
+      match[1] if match && (PublicSuffix.valid?(match[1]) || match[1] == 'local')


Style/StringLiterals: Prefer double-quoted strings unless you need single quotes to avoid extra backslashes for escaping.
Metrics/LineLength: Line is too long. [81/80]

houndci-bot · 2020-05-08T05:30:07Z

lib/cookiejar/cookie_validation.rb

 # frozen_string_literal: true
 require 'cgi'
 require 'uri'
+require 'public_suffix'


Style/StringLiterals: Prefer double-quoted strings unless you need single quotes to avoid extra backslashes for escaping.

rywall · 2020-10-08T15:56:10Z

@dwaite Can I do anything to help get this merged?

michaelwnyc · 2020-12-29T19:19:59Z

Possible to get this one merged?

Support deeper levels of subdomains from RFC 6265

b9ab108

Closes dwaite#25

houndci-bot reviewed May 8, 2020

View reviewed changes

This was referenced May 8, 2020

[FIX] Bypass cookie validation #23

Open

Domain is inappropriate based on request URI hostname restforce/restforce#120

Open

Support deeper levels of subdomains from RFC 6265 #35

Are you sure you want to change the base?

Support deeper levels of subdomains from RFC 6265 #35

Uh oh!

Conversation

markcatley commented May 8, 2020

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

rywall commented Oct 8, 2020

Uh oh!

michaelwnyc commented Dec 29, 2020

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants