From 2a125e17ad8f61dbe2b4fbc5df50e24abf8afc93 Mon Sep 17 00:00:00 2001 From: delta456 Date: Wed, 11 Sep 2024 16:45:47 +0530 Subject: [PATCH 1/7] java/cookie: escape cookie values when required --- .../environment/webserver/CookieHandler.java | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/java/test/org/openqa/selenium/environment/webserver/CookieHandler.java b/java/test/org/openqa/selenium/environment/webserver/CookieHandler.java index a6abb8ca9c10a..2cbd3daf8d4b9 100644 --- a/java/test/org/openqa/selenium/environment/webserver/CookieHandler.java +++ b/java/test/org/openqa/selenium/environment/webserver/CookieHandler.java @@ -116,9 +116,9 @@ private Collection getCookies(HttpRequest request) { private void addCookie(HttpResponse response, Cookie cook) { StringBuilder cookie = new StringBuilder(); - // TODO: escape string as necessary - String name = cook.getName(); - cookie.append(name).append("=").append(cook.getValue()).append("; "); + String name = escapeCookieValue(cook.getName()); + String value = escapeCookieValue(cook.getValue()); + cookie.append(name).append("=").append(value).append("; "); append(cookie, cook.getDomain(), str -> "Domain=" + str); append(cookie, cook.getPath(), str -> "Path=" + str); @@ -191,4 +191,16 @@ private Cookie parse(String cookieString) { return builder.build(); } + private String escapeCookieValue(String value) { + if (value == null) { + return ""; + } + + return value.replace("\\", "\\\\") + .replace("\"", "\\\"") + .replace(";", "\\;") + .replace(",", "\\,") + .replace("\r", "") + .replace("\n", ""); + } } From f45a4b6a151b67bd7c4fa29ce94a0ebfcc349df6 Mon Sep 17 00:00:00 2001 From: delta456 Date: Wed, 11 Sep 2024 22:08:00 +0530 Subject: [PATCH 2/7] add xss escaping --- .../selenium/environment/webserver/CookieHandler.java | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/java/test/org/openqa/selenium/environment/webserver/CookieHandler.java b/java/test/org/openqa/selenium/environment/webserver/CookieHandler.java index 2cbd3daf8d4b9..8514781951cf5 100644 --- a/java/test/org/openqa/selenium/environment/webserver/CookieHandler.java +++ b/java/test/org/openqa/selenium/environment/webserver/CookieHandler.java @@ -192,7 +192,7 @@ private Cookie parse(String cookieString) { return builder.build(); } private String escapeCookieValue(String value) { - if (value == null) { + if (value == null || value.isEmpty()) { return ""; } @@ -201,6 +201,9 @@ private String escapeCookieValue(String value) { .replace(";", "\\;") .replace(",", "\\,") .replace("\r", "") - .replace("\n", ""); + .replace("\n", "") + .replace("<", "<") + .replace(">", ">") + .replace("&", "&"); } } From c8167f56634ad5e0bcd8ba10092dab0893c12fb0 Mon Sep 17 00:00:00 2001 From: Puja Jagani Date: Mon, 16 Sep 2024 10:57:44 +0530 Subject: [PATCH 3/7] Fix formatting --- .../environment/webserver/CookieHandler.java | 20 ++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/java/test/org/openqa/selenium/environment/webserver/CookieHandler.java b/java/test/org/openqa/selenium/environment/webserver/CookieHandler.java index 8514781951cf5..47152ed6d0380 100644 --- a/java/test/org/openqa/selenium/environment/webserver/CookieHandler.java +++ b/java/test/org/openqa/selenium/environment/webserver/CookieHandler.java @@ -191,19 +191,21 @@ private Cookie parse(String cookieString) { return builder.build(); } + private String escapeCookieValue(String value) { if (value == null || value.isEmpty()) { return ""; } - return value.replace("\\", "\\\\") - .replace("\"", "\\\"") - .replace(";", "\\;") - .replace(",", "\\,") - .replace("\r", "") - .replace("\n", "") - .replace("<", "<") - .replace(">", ">") - .replace("&", "&"); + return value + .replace("\\", "\\\\") + .replace("\"", "\\\"") + .replace(";", "\\;") + .replace(",", "\\,") + .replace("\r", "") + .replace("\n", "") + .replace("<", "<") + .replace(">", ">") + .replace("&", "&"); } } From 1146b4c475ed7277c0ec7e8e94240f36d9b1890c Mon Sep 17 00:00:00 2001 From: delta456 Date: Mon, 16 Sep 2024 14:36:52 +0530 Subject: [PATCH 4/7] use string builder --- .../environment/webserver/CookieHandler.java | 45 ++++++++++++++----- 1 file changed, 34 insertions(+), 11 deletions(-) diff --git a/java/test/org/openqa/selenium/environment/webserver/CookieHandler.java b/java/test/org/openqa/selenium/environment/webserver/CookieHandler.java index 47152ed6d0380..7f6b55fc01532 100644 --- a/java/test/org/openqa/selenium/environment/webserver/CookieHandler.java +++ b/java/test/org/openqa/selenium/environment/webserver/CookieHandler.java @@ -191,21 +191,44 @@ private Cookie parse(String cookieString) { return builder.build(); } - private String escapeCookieValue(String value) { if (value == null || value.isEmpty()) { return ""; } - return value - .replace("\\", "\\\\") - .replace("\"", "\\\"") - .replace(";", "\\;") - .replace(",", "\\,") - .replace("\r", "") - .replace("\n", "") - .replace("<", "<") - .replace(">", ">") - .replace("&", "&"); + StringBuilder cookieValue = new StringBuilder(); + + for (char c : value.toCharArray()) { + switch (c) { + case '\\': + cookieValue.append("\\\\"); + break; + case '"': + cookieValue.append("\\\""); + break; + case ';': + cookieValue.append("\\;"); + break; + case ',': + cookieValue.append("\\,"); + break; + case '\r': + case '\n': + // Skip carriage return and newline characters + break; + case '<': + cookieValue.append("<"); + break; + case '>': + cookieValue.append(">"); + break; + case '&': + cookieValue.append("&"); + break; + default: + cookieValue.append(c); // Append safe characters as they are + } + } + return cookieValue.toString(); } } From 1e06b9cc1ad0d8dbcac08650d55a8ddb0e4cadaa Mon Sep 17 00:00:00 2001 From: delta456 Date: Mon, 16 Sep 2024 16:27:18 +0530 Subject: [PATCH 5/7] py/test/webdriver/network.py: remove python 2 code --- py/test/selenium/webdriver/common/network.py | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/py/test/selenium/webdriver/common/network.py b/py/test/selenium/webdriver/common/network.py index a51da9d106ef2..e63c203fe4e19 100644 --- a/py/test/selenium/webdriver/common/network.py +++ b/py/test/selenium/webdriver/common/network.py @@ -25,10 +25,7 @@ def get_interface_ip(ifname): def _bytes(value, encoding): - try: - return bytes(value, encoding) # Python 3 - except TypeError: - return value # Python 2 + return bytes(value, encoding) sckt = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) return socket.inet_ntoa( From 419143fade7be1627949449af790d708e845d507 Mon Sep 17 00:00:00 2001 From: delta456 Date: Mon, 16 Sep 2024 16:32:05 +0530 Subject: [PATCH 6/7] remove java code --- .../environment/webserver/CookieHandler.java | 45 +------------------ 1 file changed, 2 insertions(+), 43 deletions(-) diff --git a/java/test/org/openqa/selenium/environment/webserver/CookieHandler.java b/java/test/org/openqa/selenium/environment/webserver/CookieHandler.java index 7f6b55fc01532..7178852db0ad2 100644 --- a/java/test/org/openqa/selenium/environment/webserver/CookieHandler.java +++ b/java/test/org/openqa/selenium/environment/webserver/CookieHandler.java @@ -116,9 +116,8 @@ private Collection getCookies(HttpRequest request) { private void addCookie(HttpResponse response, Cookie cook) { StringBuilder cookie = new StringBuilder(); - String name = escapeCookieValue(cook.getName()); - String value = escapeCookieValue(cook.getValue()); - cookie.append(name).append("=").append(value).append("; "); + String name = cook.getName(); + cookie.append(name).append("=").append(cook.getValue()).append("; "); append(cookie, cook.getDomain(), str -> "Domain=" + str); append(cookie, cook.getPath(), str -> "Path=" + str); @@ -191,44 +190,4 @@ private Cookie parse(String cookieString) { return builder.build(); } - private String escapeCookieValue(String value) { - if (value == null || value.isEmpty()) { - return ""; - } - - StringBuilder cookieValue = new StringBuilder(); - - for (char c : value.toCharArray()) { - switch (c) { - case '\\': - cookieValue.append("\\\\"); - break; - case '"': - cookieValue.append("\\\""); - break; - case ';': - cookieValue.append("\\;"); - break; - case ',': - cookieValue.append("\\,"); - break; - case '\r': - case '\n': - // Skip carriage return and newline characters - break; - case '<': - cookieValue.append("<"); - break; - case '>': - cookieValue.append(">"); - break; - case '&': - cookieValue.append("&"); - break; - default: - cookieValue.append(c); // Append safe characters as they are - } - } - return cookieValue.toString(); - } } From 97358579dd0ea72285d464c0d1655ec59e3203c8 Mon Sep 17 00:00:00 2001 From: delta456 Date: Mon, 16 Sep 2024 16:32:41 +0530 Subject: [PATCH 7/7] restore --- .../org/openqa/selenium/environment/webserver/CookieHandler.java | 1 + 1 file changed, 1 insertion(+) diff --git a/java/test/org/openqa/selenium/environment/webserver/CookieHandler.java b/java/test/org/openqa/selenium/environment/webserver/CookieHandler.java index 7178852db0ad2..a6abb8ca9c10a 100644 --- a/java/test/org/openqa/selenium/environment/webserver/CookieHandler.java +++ b/java/test/org/openqa/selenium/environment/webserver/CookieHandler.java @@ -116,6 +116,7 @@ private Collection getCookies(HttpRequest request) { private void addCookie(HttpResponse response, Cookie cook) { StringBuilder cookie = new StringBuilder(); + // TODO: escape string as necessary String name = cook.getName(); cookie.append(name).append("=").append(cook.getValue()).append("; ");