Source file src/net/http/cookie.go

     1	// Copyright 2009 The Go Authors. All rights reserved.
     2	// Use of this source code is governed by a BSD-style
     3	// license that can be found in the LICENSE file.
     4	
     5	package http
     6	
     7	import (
     8		"log"
     9		"net"
    10		"strconv"
    11		"strings"
    12		"time"
    13	)
    14	
    15	// A Cookie represents an HTTP cookie as sent in the Set-Cookie header of an
    16	// HTTP response or the Cookie header of an HTTP request.
    17	//
    18	// See https://tools.ietf.org/html/rfc6265 for details.
    19	type Cookie struct {
    20		Name  string
    21		Value string
    22	
    23		Path       string    // optional
    24		Domain     string    // optional
    25		Expires    time.Time // optional
    26		RawExpires string    // for reading cookies only
    27	
    28		// MaxAge=0 means no 'Max-Age' attribute specified.
    29		// MaxAge<0 means delete cookie now, equivalently 'Max-Age: 0'
    30		// MaxAge>0 means Max-Age attribute present and given in seconds
    31		MaxAge   int
    32		Secure   bool
    33		HttpOnly bool
    34		SameSite SameSite
    35		Raw      string
    36		Unparsed []string // Raw text of unparsed attribute-value pairs
    37	}
    38	
    39	// SameSite allows a server to define a cookie attribute making it impossible for
    40	// the browser to send this cookie along with cross-site requests. The main
    41	// goal is to mitigate the risk of cross-origin information leakage, and provide
    42	// some protection against cross-site request forgery attacks.
    43	//
    44	// See https://tools.ietf.org/html/draft-ietf-httpbis-cookie-same-site-00 for details.
    45	type SameSite int
    46	
    47	const (
    48		SameSiteDefaultMode SameSite = iota + 1
    49		SameSiteLaxMode
    50		SameSiteStrictMode
    51		SameSiteNoneMode
    52	)
    53	
    54	// readSetCookies parses all "Set-Cookie" values from
    55	// the header h and returns the successfully parsed Cookies.
    56	func readSetCookies(h Header) []*Cookie {
    57		cookieCount := len(h["Set-Cookie"])
    58		if cookieCount == 0 {
    59			return []*Cookie{}
    60		}
    61		cookies := make([]*Cookie, 0, cookieCount)
    62		for _, line := range h["Set-Cookie"] {
    63			parts := strings.Split(strings.TrimSpace(line), ";")
    64			if len(parts) == 1 && parts[0] == "" {
    65				continue
    66			}
    67			parts[0] = strings.TrimSpace(parts[0])
    68			j := strings.Index(parts[0], "=")
    69			if j < 0 {
    70				continue
    71			}
    72			name, value := parts[0][:j], parts[0][j+1:]
    73			if !isCookieNameValid(name) {
    74				continue
    75			}
    76			value, ok := parseCookieValue(value, true)
    77			if !ok {
    78				continue
    79			}
    80			c := &Cookie{
    81				Name:  name,
    82				Value: value,
    83				Raw:   line,
    84			}
    85			for i := 1; i < len(parts); i++ {
    86				parts[i] = strings.TrimSpace(parts[i])
    87				if len(parts[i]) == 0 {
    88					continue
    89				}
    90	
    91				attr, val := parts[i], ""
    92				if j := strings.Index(attr, "="); j >= 0 {
    93					attr, val = attr[:j], attr[j+1:]
    94				}
    95				lowerAttr := strings.ToLower(attr)
    96				val, ok = parseCookieValue(val, false)
    97				if !ok {
    98					c.Unparsed = append(c.Unparsed, parts[i])
    99					continue
   100				}
   101				switch lowerAttr {
   102				case "samesite":
   103					lowerVal := strings.ToLower(val)
   104					switch lowerVal {
   105					case "lax":
   106						c.SameSite = SameSiteLaxMode
   107					case "strict":
   108						c.SameSite = SameSiteStrictMode
   109					case "none":
   110						c.SameSite = SameSiteNoneMode
   111					default:
   112						c.SameSite = SameSiteDefaultMode
   113					}
   114					continue
   115				case "secure":
   116					c.Secure = true
   117					continue
   118				case "httponly":
   119					c.HttpOnly = true
   120					continue
   121				case "domain":
   122					c.Domain = val
   123					continue
   124				case "max-age":
   125					secs, err := strconv.Atoi(val)
   126					if err != nil || secs != 0 && val[0] == '0' {
   127						break
   128					}
   129					if secs <= 0 {
   130						secs = -1
   131					}
   132					c.MaxAge = secs
   133					continue
   134				case "expires":
   135					c.RawExpires = val
   136					exptime, err := time.Parse(time.RFC1123, val)
   137					if err != nil {
   138						exptime, err = time.Parse("Mon, 02-Jan-2006 15:04:05 MST", val)
   139						if err != nil {
   140							c.Expires = time.Time{}
   141							break
   142						}
   143					}
   144					c.Expires = exptime.UTC()
   145					continue
   146				case "path":
   147					c.Path = val
   148					continue
   149				}
   150				c.Unparsed = append(c.Unparsed, parts[i])
   151			}
   152			cookies = append(cookies, c)
   153		}
   154		return cookies
   155	}
   156	
   157	// SetCookie adds a Set-Cookie header to the provided ResponseWriter's headers.
   158	// The provided cookie must have a valid Name. Invalid cookies may be
   159	// silently dropped.
   160	func SetCookie(w ResponseWriter, cookie *Cookie) {
   161		if v := cookie.String(); v != "" {
   162			w.Header().Add("Set-Cookie", v)
   163		}
   164	}
   165	
   166	// String returns the serialization of the cookie for use in a Cookie
   167	// header (if only Name and Value are set) or a Set-Cookie response
   168	// header (if other fields are set).
   169	// If c is nil or c.Name is invalid, the empty string is returned.
   170	func (c *Cookie) String() string {
   171		if c == nil || !isCookieNameValid(c.Name) {
   172			return ""
   173		}
   174		// extraCookieLength derived from typical length of cookie attributes
   175		// see RFC 6265 Sec 4.1.
   176		const extraCookieLength = 110
   177		var b strings.Builder
   178		b.Grow(len(c.Name) + len(c.Value) + len(c.Domain) + len(c.Path) + extraCookieLength)
   179		b.WriteString(c.Name)
   180		b.WriteRune('=')
   181		b.WriteString(sanitizeCookieValue(c.Value))
   182	
   183		if len(c.Path) > 0 {
   184			b.WriteString("; Path=")
   185			b.WriteString(sanitizeCookiePath(c.Path))
   186		}
   187		if len(c.Domain) > 0 {
   188			if validCookieDomain(c.Domain) {
   189				// A c.Domain containing illegal characters is not
   190				// sanitized but simply dropped which turns the cookie
   191				// into a host-only cookie. A leading dot is okay
   192				// but won't be sent.
   193				d := c.Domain
   194				if d[0] == '.' {
   195					d = d[1:]
   196				}
   197				b.WriteString("; Domain=")
   198				b.WriteString(d)
   199			} else {
   200				log.Printf("net/http: invalid Cookie.Domain %q; dropping domain attribute", c.Domain)
   201			}
   202		}
   203		var buf [len(TimeFormat)]byte
   204		if validCookieExpires(c.Expires) {
   205			b.WriteString("; Expires=")
   206			b.Write(c.Expires.UTC().AppendFormat(buf[:0], TimeFormat))
   207		}
   208		if c.MaxAge > 0 {
   209			b.WriteString("; Max-Age=")
   210			b.Write(strconv.AppendInt(buf[:0], int64(c.MaxAge), 10))
   211		} else if c.MaxAge < 0 {
   212			b.WriteString("; Max-Age=0")
   213		}
   214		if c.HttpOnly {
   215			b.WriteString("; HttpOnly")
   216		}
   217		if c.Secure {
   218			b.WriteString("; Secure")
   219		}
   220		switch c.SameSite {
   221		case SameSiteDefaultMode:
   222			b.WriteString("; SameSite")
   223		case SameSiteNoneMode:
   224			b.WriteString("; SameSite=None")
   225		case SameSiteLaxMode:
   226			b.WriteString("; SameSite=Lax")
   227		case SameSiteStrictMode:
   228			b.WriteString("; SameSite=Strict")
   229		}
   230		return b.String()
   231	}
   232	
   233	// readCookies parses all "Cookie" values from the header h and
   234	// returns the successfully parsed Cookies.
   235	//
   236	// if filter isn't empty, only cookies of that name are returned
   237	func readCookies(h Header, filter string) []*Cookie {
   238		lines := h["Cookie"]
   239		if len(lines) == 0 {
   240			return []*Cookie{}
   241		}
   242	
   243		cookies := make([]*Cookie, 0, len(lines)+strings.Count(lines[0], ";"))
   244		for _, line := range lines {
   245			line = strings.TrimSpace(line)
   246	
   247			var part string
   248			for len(line) > 0 { // continue since we have rest
   249				if splitIndex := strings.Index(line, ";"); splitIndex > 0 {
   250					part, line = line[:splitIndex], line[splitIndex+1:]
   251				} else {
   252					part, line = line, ""
   253				}
   254				part = strings.TrimSpace(part)
   255				if len(part) == 0 {
   256					continue
   257				}
   258				name, val := part, ""
   259				if j := strings.Index(part, "="); j >= 0 {
   260					name, val = name[:j], name[j+1:]
   261				}
   262				if !isCookieNameValid(name) {
   263					continue
   264				}
   265				if filter != "" && filter != name {
   266					continue
   267				}
   268				val, ok := parseCookieValue(val, true)
   269				if !ok {
   270					continue
   271				}
   272				cookies = append(cookies, &Cookie{Name: name, Value: val})
   273			}
   274		}
   275		return cookies
   276	}
   277	
   278	// validCookieDomain reports whether v is a valid cookie domain-value.
   279	func validCookieDomain(v string) bool {
   280		if isCookieDomainName(v) {
   281			return true
   282		}
   283		if net.ParseIP(v) != nil && !strings.Contains(v, ":") {
   284			return true
   285		}
   286		return false
   287	}
   288	
   289	// validCookieExpires reports whether v is a valid cookie expires-value.
   290	func validCookieExpires(t time.Time) bool {
   291		// IETF RFC 6265 Section 5.1.1.5, the year must not be less than 1601
   292		return t.Year() >= 1601
   293	}
   294	
   295	// isCookieDomainName reports whether s is a valid domain name or a valid
   296	// domain name with a leading dot '.'.  It is almost a direct copy of
   297	// package net's isDomainName.
   298	func isCookieDomainName(s string) bool {
   299		if len(s) == 0 {
   300			return false
   301		}
   302		if len(s) > 255 {
   303			return false
   304		}
   305	
   306		if s[0] == '.' {
   307			// A cookie a domain attribute may start with a leading dot.
   308			s = s[1:]
   309		}
   310		last := byte('.')
   311		ok := false // Ok once we've seen a letter.
   312		partlen := 0
   313		for i := 0; i < len(s); i++ {
   314			c := s[i]
   315			switch {
   316			default:
   317				return false
   318			case 'a' <= c && c <= 'z' || 'A' <= c && c <= 'Z':
   319				// No '_' allowed here (in contrast to package net).
   320				ok = true
   321				partlen++
   322			case '0' <= c && c <= '9':
   323				// fine
   324				partlen++
   325			case c == '-':
   326				// Byte before dash cannot be dot.
   327				if last == '.' {
   328					return false
   329				}
   330				partlen++
   331			case c == '.':
   332				// Byte before dot cannot be dot, dash.
   333				if last == '.' || last == '-' {
   334					return false
   335				}
   336				if partlen > 63 || partlen == 0 {
   337					return false
   338				}
   339				partlen = 0
   340			}
   341			last = c
   342		}
   343		if last == '-' || partlen > 63 {
   344			return false
   345		}
   346	
   347		return ok
   348	}
   349	
   350	var cookieNameSanitizer = strings.NewReplacer("\n", "-", "\r", "-")
   351	
   352	func sanitizeCookieName(n string) string {
   353		return cookieNameSanitizer.Replace(n)
   354	}
   355	
   356	// https://tools.ietf.org/html/rfc6265#section-4.1.1
   357	// cookie-value      = *cookie-octet / ( DQUOTE *cookie-octet DQUOTE )
   358	// cookie-octet      = %x21 / %x23-2B / %x2D-3A / %x3C-5B / %x5D-7E
   359	//           ; US-ASCII characters excluding CTLs,
   360	//           ; whitespace DQUOTE, comma, semicolon,
   361	//           ; and backslash
   362	// We loosen this as spaces and commas are common in cookie values
   363	// but we produce a quoted cookie-value in when value starts or ends
   364	// with a comma or space.
   365	// See https://golang.org/issue/7243 for the discussion.
   366	func sanitizeCookieValue(v string) string {
   367		v = sanitizeOrWarn("Cookie.Value", validCookieValueByte, v)
   368		if len(v) == 0 {
   369			return v
   370		}
   371		if strings.IndexByte(v, ' ') >= 0 || strings.IndexByte(v, ',') >= 0 {
   372			return `"` + v + `"`
   373		}
   374		return v
   375	}
   376	
   377	func validCookieValueByte(b byte) bool {
   378		return 0x20 <= b && b < 0x7f && b != '"' && b != ';' && b != '\\'
   379	}
   380	
   381	// path-av           = "Path=" path-value
   382	// path-value        = <any CHAR except CTLs or ";">
   383	func sanitizeCookiePath(v string) string {
   384		return sanitizeOrWarn("Cookie.Path", validCookiePathByte, v)
   385	}
   386	
   387	func validCookiePathByte(b byte) bool {
   388		return 0x20 <= b && b < 0x7f && b != ';'
   389	}
   390	
   391	func sanitizeOrWarn(fieldName string, valid func(byte) bool, v string) string {
   392		ok := true
   393		for i := 0; i < len(v); i++ {
   394			if valid(v[i]) {
   395				continue
   396			}
   397			log.Printf("net/http: invalid byte %q in %s; dropping invalid bytes", v[i], fieldName)
   398			ok = false
   399			break
   400		}
   401		if ok {
   402			return v
   403		}
   404		buf := make([]byte, 0, len(v))
   405		for i := 0; i < len(v); i++ {
   406			if b := v[i]; valid(b) {
   407				buf = append(buf, b)
   408			}
   409		}
   410		return string(buf)
   411	}
   412	
   413	func parseCookieValue(raw string, allowDoubleQuote bool) (string, bool) {
   414		// Strip the quotes, if present.
   415		if allowDoubleQuote && len(raw) > 1 && raw[0] == '"' && raw[len(raw)-1] == '"' {
   416			raw = raw[1 : len(raw)-1]
   417		}
   418		for i := 0; i < len(raw); i++ {
   419			if !validCookieValueByte(raw[i]) {
   420				return "", false
   421			}
   422		}
   423		return raw, true
   424	}
   425	
   426	func isCookieNameValid(raw string) bool {
   427		if raw == "" {
   428			return false
   429		}
   430		return strings.IndexFunc(raw, isNotToken) < 0
   431	}
   432	

View as plain text