jmeter-dev mailing list archives

From sebb <seb...@gmail.com>
Subject Re: svn commit: r1299631 - in /jmeter/trunk: src/protocol/http/org/apache/jmeter/protocol/http/proxy/Proxy.java xdocs/changes.xml
Date Mon, 12 Mar 2012 17:27:43 GMT
On 12 March 2012 17:08, Philippe Mouawad <philippe.mouawad@gmail.com> wrote:
> Hello Sebb,
> You mean we will get ;; ?

Yes, or ; ;

> But previous code didn't handle that case better I think as it just removed
> " secure".

Agreed, that's mainly why the previous code caused the problem.

Had it removed "; secure" it could not have matched (the start of) a
cookie name, as these only appear before the first ";".

Even with the leading "; " there is still some room for incorrect
header mangling, as a cookie value could potentially contain the
string.

But it's pretty unlikely, and would (now) only apply to spoofing which
should not be needed much anyway, so it's probably not worth parsing
the cookie more carefully.

> Regards
> Philippe
>
> On Mon, Mar 12, 2012 at 6:05 PM, sebb <sebbaz@gmail.com> wrote:
>
>> On 12 March 2012 11:29,  <pmouawad@apache.org> wrote:
>> > Author: pmouawad
>> > Date: Mon Mar 12 11:29:51 2012
>> > New Revision: 1299631
>> >
>> > URL: http://svn.apache.org/viewvc?rev=1299631&view=rev
>> > Log:
>> > Bug 52886 - Proxy : Recording issues with HTTPS when spoofing is on,
>> secure cookies are not always changed
>> >
>> > Modified:
>> >
>>  jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/proxy/Proxy.java
>> >    jmeter/trunk/xdocs/changes.xml
>> >
>> > Modified:
>> jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/proxy/Proxy.java
>> > URL:
>> http://svn.apache.org/viewvc/jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/proxy/Proxy.java?rev=1299631&r1=1299630&r2=1299631&view=diff
>> >
>> ==============================================================================
>> > ---
>> jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/proxy/Proxy.java
>> (original)
>> > +++
>> jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/proxy/Proxy.java
>> Mon Mar 12 11:29:51 2012
>> > @@ -38,6 +38,7 @@ import java.security.UnrecoverableKeyExc
>> >  import java.security.cert.CertificateException;
>> >  import java.util.HashMap;
>> >  import java.util.Map;
>> > +import java.util.regex.Pattern;
>> >
>> >  import javax.net.ssl.KeyManagerFactory;
>> >  import javax.net.ssl.SSLContext;
>> > @@ -111,6 +112,8 @@ public class Proxy extends Thread {
>> >
>> >     private static final SamplerCreatorFactory factory = new
>> SamplerCreatorFactory();
>> >
>> > +    private static final Pattern COOKIE_SECURE_PATTERN =
>> Pattern.compile("\\bsecure\\b", Pattern.CASE_INSENSITIVE);
>>
>> I thought the secure qualifier had to be prefixed with ";" (semi-colon)?
>>
>> If we just remove "secure", that won't fully tidy up the header line,
>> and some picky servers may object/misparse the line.
>>
>> > +
>> >     // Use with SSL connection
>> >     private OutputStream outStreamClient = null;
>> >
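
Review bot: `\\bsecure\\b` in COOKIE_SECURE_PATTERN is not tied to the attribute position, so it matches the word anywhere in the header line. A cookie named `secure-token` or a value ending in `-secure` has a word boundary at the hyphen and loses that text, and the attribute's `;` separator is left behind. Suggest matching the separator and the end of the attribute together, for example `;\s*secure\s*(?=;|$)`, so that only a standalone attribute after the first `;` is removed.
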
>> > @@ -498,7 +501,7 @@ public class Proxy extends Thread {
>> >                 }
>> >                 if (forcedHTTPS &&
>> (HTTPConstants.HEADER_COOKIE.equalsIgnoreCase(parts[0]) ||
>> HTTPConstants.HEADER_SET_COOKIE.equalsIgnoreCase(parts[0])))
>> >                 {
>> > -                    headerLines[i]=headerLines[i].replaceAll(" secure",
>> "").trim(); //in forced https cookies need to be unsecured...
>> > +
>>  headerLines[i]=COOKIE_SECURE_PATTERN.matcher(headerLines[i]).replaceAll("").trim();
>> //in forced https cookies need to be unsecured...
>> >                 }
>> >             }
>> >         }
>> >
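
Review bot: the replacement in the forcedHTTPS branch runs on both `Cookie` and `Set-Cookie` lines, but a `Cookie` request header carries only name=value pairs and no `secure` attribute, so on that header the pattern can only hit cookie names or values. Suggest limiting the rewrite to lines where `HTTPConstants.HEADER_SET_COOKIE.equalsIgnoreCase(parts[0])` is true.
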
>> > Modified: jmeter/trunk/xdocs/changes.xml
>> > URL:
>> http://svn.apache.org/viewvc/jmeter/trunk/xdocs/changes.xml?rev=1299631&r1=1299630&r2=1299631&view=diff
>> >
>> ==============================================================================
>> > --- jmeter/trunk/xdocs/changes.xml (original)
>> > +++ jmeter/trunk/xdocs/changes.xml Mon Mar 12 11:29:51 2012
>> > @@ -75,6 +75,7 @@ When doing replacement of User Defined V
>> >  <li>Bug 52796 - MonitorHandler fails to clear variables when starting
a
>> new parse</li>
>> >  <li>Bug 52871 - Multiple Certificates not working with HTTP Client
>> 4</li>
>> >  <li>Bug 52885 - Proxy : Recording issues with HTTPS, cookies starting
>> with secure are partly truncated</li>
>> > +<li>Bug 52886 - Proxy : Recording issues with HTTPS when spoofing is
>> on, secure cookies are not always changed</li>
>> >  </ul>
>> >
>> >  <h3>Other Samplers</h3>
>> >
>> >
>>
>
>
>
> --
> Cordialement.
> Philippe Mouawad.
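
The trade-off discussed in this thread, as an added example that is not part of the original messages or of the JMeter code base: the two replacements from the diff are run beside a segment-based variant that only drops a standalone attribute. `stripAttribute`, the class name and the sample header lines are constructed for illustration.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Pattern;

public class SecureAttributeDemo {
    private static final Pattern WORD =
        Pattern.compile("\\bsecure\\b", Pattern.CASE_INSENSITIVE);

    // Replacement used before r1299631 (from the diff above).
    static String stripLiteral(String line) {
        return line.replaceAll(" secure", "").trim();
    }

    // Replacement introduced by r1299631 (from the diff above).
    static String stripWord(String line) {
        return WORD.matcher(line).replaceAll("").trim();
    }

    // Hypothetical alternative: split a Set-Cookie line on ';' and drop only
    // a later segment that is exactly "secure"; the first segment (the
    // name=value pair) is never touched.
    static String stripAttribute(String line) {
        int colon = line.indexOf(':');
        if (colon < 0) return line;
        String[] parts = line.substring(colon + 1).split(";");
        List<String> kept = new ArrayList<String>();
        for (int i = 0; i < parts.length; i++) {
            String p = parts[i].trim();
            boolean secureAttr = i > 0 && p.equalsIgnoreCase("secure");
            if (!secureAttr && !p.isEmpty()) {
                kept.add(p);
            }
        }
        return line.substring(0, colon + 1) + " " + String.join("; ", kept);
    }
    public static void main(String[] args) {
        String[] samples = {   // constructed header lines, not captured traffic
            "Set-Cookie: JSESSIONID=abc; Path=/; Secure; HttpOnly",
            "Set-Cookie: secure-token=xyz; Path=/; secure",
            "Set-Cookie: note=not-secure; Path=/",
        };
        for (String s : samples) {
            System.out.println(s);
            System.out.println("  literal:   " + stripLiteral(s));
            System.out.println("  word:      " + stripWord(s));
            System.out.println("  attribute: " + stripAttribute(s));
        }
    }
}
```

Splitting on ";" assumes the cookie value contains no quoted semicolon, which is the remaining case a full cookie parser would cover.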
