rubygem-actionpack/CVE-2023-22792-test.patch
starlet-dx f8926e685f Fix CVE-2023-22792 and CVE-2023-22795
(cherry picked from commit 67a89aa21ad5d94b119a294f28816492a8234e61)
2024-02-05 12:58:20 +08:00


diff --git a/actionpack/test/dispatch/cookies_test.rb b/actionpack/test/dispatch/cookies_test.rb
index 23716c0aeb7b6..6f4b78c7208ea 100644
--- a/actionpack/test/dispatch/cookies_test.rb
+++ b/actionpack/test/dispatch/cookies_test.rb
@@ -247,6 +247,11 @@ def set_cookie_with_domain_and_tld
head :ok
end
+ def set_cookie_with_domain_and_longer_tld
+ cookies[:user_name] = { value: "rizwanreza", domain: :all, tld_length: 4 }
+ head :ok
+ end
+
def delete_cookie_with_domain_and_tld
cookies.delete(:user_name, domain: :all, tld_length: 2)
head :ok
@@ -1044,6 +1049,13 @@ def test_cookie_with_all_domain_option_using_australian_style_tld
assert_cookie_header "user_name=rizwanreza; domain=.nextangle.com.au; path=/; SameSite=Lax"
end
+ def test_cookie_with_all_domain_option_using_australian_style_tld_and_two_subdomains
+ @request.host = "x.nextangle.com.au"
+ get :set_cookie_with_domain
+ assert_response :success
+ assert_cookie_header "user_name=rizwanreza; domain=.nextangle.com.au; path=/; SameSite=Lax"
+ end
+
def test_cookie_with_all_domain_option_using_uk_style_tld
@request.host = "nextangle.co.uk"
get :set_cookie_with_domain
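Review bot: The name `test_cookie_with_all_domain_option_using_australian_style_tld_and_two_subdomains` reads as if two extra labels were tested, but the host `x.nextangle.com.au` puts only one label in front of `nextangle.com.au`; the `uk_style` twin added in the next hunk has the same mismatch. Either rename both to say `..._and_subdomain`, or add a deeper host (constructed sample: `a.b.nextangle.com.au`) with the same expected `domain=.nextangle.com.au`, so that the scope of a `domain: :all` cookie is pinned for deeper hosts as well. A short comment above each test, such as `# domain: :all must resolve to the registrable domain, never to a deeper or shallower label`, would record why the expectation matters. The trailing context starts `test_cookie_with_all_domain_option_using_uk_style_tld`, whose body continues outside this hunk.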
@@ -1051,6 +1063,13 @@ def test_cookie_with_all_domain_option_using_uk_style_tld
assert_cookie_header "user_name=rizwanreza; domain=.nextangle.co.uk; path=/; SameSite=Lax"
end
+ def test_cookie_with_all_domain_option_using_uk_style_tld_and_two_subdomains
+ @request.host = "x.nextangle.co.uk"
+ get :set_cookie_with_domain
+ assert_response :success
+ assert_cookie_header "user_name=rizwanreza; domain=.nextangle.co.uk; path=/; SameSite=Lax"
+ end
+
def test_cookie_with_all_domain_option_using_host_with_port
@request.host = "nextangle.local:3000"
get :set_cookie_with_domain
@@ -1113,6 +1132,13 @@ def test_cookie_with_all_domain_option_using_host_with_port_and_tld_length
assert_cookie_header "user_name=rizwanreza; domain=.nextangle.local; path=/; SameSite=Lax"
end
+ def test_cookie_with_all_domain_option_using_longer_tld_length
+ @request.host = "x.y.z.t.com"
+ get :set_cookie_with_domain_and_longer_tld
+ assert_response :success
+ assert_cookie_header "user_name=rizwanreza; domain=.y.z.t.com; path=/; SameSite=Lax"
+ end
+
def test_deleting_cookie_with_all_domain_option_and_tld_length
request.cookies[:user_name] = "Joe"
get :delete_cookie_with_domain_and_tld
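Review bot: `test_cookie_with_all_domain_option_using_longer_tld_length` only exercises a host with more labels (`x.y.z.t.com`) than `tld_length: 4`; the boundary where the host has four labels or fewer is not asserted, and that is the case where a `domain: :all` cookie could end up scoped more widely than intended. Add a sibling test with a shorter host (constructed sample: `@request.host = "z.t.com"`) against `set_cookie_with_domain_and_longer_tld` and assert whichever header the implementation is meant to emit. These tests check only the resulting header; since the commit title ties the change to CVE-2023-22792, and presumably the fix alters how the host is matched, one case with an unusually long host value would show that the domain computation still returns promptly. The trailing context `test_deleting_cookie_with_all_domain_option_and_tld_length` continues past the end of the hunk.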