Cookie parsing is incorrect
18309225600 opened this issue · comments
/**
 * Take any client cookies that were originally from the proxy and prepare them to send to the
 * proxy. This relies on cookie headers being set correctly according to RFC 6265 Sec 5.4.
 * This also blocks any local cookies from being sent to the proxy.
 */
protected String getRealCookie(String cookieValue) {
    StringBuilder escapedCookie = new StringBuilder();
    String cookies[] = cookieValue.split("[;,]");
    for (String cookie : cookies) {
        String cookieSplit[] = cookie.split("=");
        if (cookieSplit.length == 2) {
            String cookieName = cookieSplit[0].trim();
            if (cookieName.startsWith(getCookieNamePrefix(cookieName))) {
                cookieName = cookieName.substring(getCookieNamePrefix(cookieName).length());
                if (escapedCookie.length() > 0) {
                    escapedCookie.append("; ");
                }
                escapedCookie.append(cookieName).append("=").append(cookieSplit[1].trim());
            }
        }
    }
    return escapedCookie.toString();
}
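In this method, the line String cookieSplit[] = cookie.split("="); splits on "=", which is not robust: if the cookie's value happens to contain "=", it goes wrong. For example, when I was accessing the HTTP web service of a certain switch, there was a cookie like this: index==0b=06=0AB00=0R
I suggest finding the first "=" and then using substring to extract the parts. Below is my rewritten version: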
@Override
protected String getRealCookie(String cookieValue) {
    StringBuilder escapedCookie = new StringBuilder();
    String cookies[] = cookieValue.split("[;,]");
    for (String cookie : cookies) {
        int index = cookie.indexOf("=");
        if (index>0){
            String cookieName = cookie.substring(0,index).trim();
            if (escapedCookie.length() > 0) {
                escapedCookie.append("; ");
            }
            escapedCookie.append(cookieName).append("=").append(cookie.substring(index+1).trim());
        }
    }
    return escapedCookie.toString();
}
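An added example (not code from the issue or from HTTP-Proxy-Servlet): splitting each pair at the first "=" while keeping the prefix filter that the original method's Javadoc describes, so local cookies still stay out of the proxied request. The class name, the `PREFIX` value and the sample header are constructed for illustration; `PREFIX` stands in for whatever `getCookieNamePrefix` returns.

```java
import java.util.ArrayList;
import java.util.List;

public class CookieSplitDemo {
    // Constructed stand-in for the servlet's getCookieNamePrefix(name) result.
    static final String PREFIX = "!Proxy!demo";

    /**
     * Rebuilds the Cookie header for the backend: split each pair at the
     * first '=' only, and forward only cookies that carry the proxy prefix.
     */
    static String realCookie(String cookieHeader) {
        List<String> kept = new ArrayList<>();
        for (String pair : cookieHeader.split("[;,]")) {
            int eq = pair.indexOf('=');
            if (eq <= 0) {
                continue; // no '=' or nothing before it: skip the fragment
            }
            String name = pair.substring(0, eq).trim();
            String value = pair.substring(eq + 1).trim(); // may itself contain '='
            if (!name.startsWith(PREFIX)) {
                continue; // local cookie (e.g. the proxy app's session): never forward
            }
            kept.add(name.substring(PREFIX.length()) + "=" + value);
        }
        return String.join("; ", kept);
    }

    public static void main(String[] args) {
        // Constructed header: a proxied cookie whose value contains '=',
        // a proxied cookie with a plain value, and a local session cookie.
        String header = PREFIX + "index==0b=06=0AB00=0R; "
                + PREFIX + "lang=en; JSESSIONID=local-session-id";
        String out = realCookie(header);
        System.out.println(out);
        if (!out.equals("index==0b=06=0AB00=0R; lang=en")) {
            throw new AssertionError("unexpected result: " + out);
        }
    }
}
```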
I'm sorry, but I do not read Chinese :-/
Come on, just get some translation software and translate it.
18309225600@163.com
From: David Smiley
Sent: 2020-09-22 20:18
To: mitre/HTTP-Proxy-Servlet
Cc: 18309225600; Author
Subject: Re: [mitre/HTTP-Proxy-Servlet] Cookie parsing is incorrect (#175)
I'm sorry, but I do not read Chinese :-/