Closed
Bug 1792961
Opened 3 years ago
Closed 3 years ago
[wpt-sync] Sync PR 36138 - Add WPT for nameless cookies impersonating cookie prefixes
Categories
(Core :: Networking: Cookies, task, P4)
Core
Networking: Cookies
Tracking
()
RESOLVED
FIXED
107 Branch
| Tracking | Status | |
|---|---|---|
| firefox107 | --- | fixed |
People
(Reporter: wpt-sync, Unassigned)
References
()
Details
(Whiteboard: [wptsync downstream])
Sync web-platform-tests PR 36138 into mozilla-central (this bug is closed when the sync is complete).
PR: https://github.com/web-platform-tests/wpt/pull/36138
Details from upstream follow.
sbingler <bingler@chromium.org> wrote:
Add WPT for nameless cookies impersonating cookie prefixes
Adds a test case to confirm that nameless cookies cannot impersonate
a cookie using a name prefix.Bug: 1356760, 1354090
Change-Id: I1c6561f404afc76f592fa6ef63c4e2d572fc88e9
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3923534
Reviewed-by: Maks Orlovich \<morlovich@chromium.org>
Commit-Queue: Steven Bingler \<bingler@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1052465}
|
Assignee | |
Updated•3 years ago
|
Component: web-platform-tests → Networking: Cookies
Product: Testing → Core
|
|
Assignee | |
Updated•3 years ago
|
Whiteboard: [wptsync downstream] → [wptsync downstream error]
|
|
Assignee | |
Updated•3 years ago
|
Whiteboard: [wptsync downstream error] → [wptsync downstream]
|
|
Assignee | |
Comment 1•3 years ago
|
||
Pushed to try (stability) https://treeherder.mozilla.org/#/jobs?repo=try&revision=8b02f4f1259485eb140980514ee01bbe6ebecdbe
|
|
Assignee | |
Comment 2•3 years ago
|
||
CI Results
Ran 10 Firefox configurations based on mozilla-central, and Firefox, Chrome, and Safari on GitHub CI
Total 1 tests and 45 subtests
Status Summary
Firefox
OK : 1
PASS: 4
FAIL: 41
Chrome
OK : 1
PASS: 44
FAIL: 1
Safari
OK : 1
PASS: 30
FAIL: 15
Links
Gecko CI (Treeherder)
GitHub PR Head
GitHub PR Base
Details
Firefox-only Failures
- /cookies/name/name.html [wpt.fyi]
- Remove trailing WSP characters from the name string:
FAIL - Remove leading WSP characters from the name string:
FAIL - Only return the new cookie (with the same name):
FAIL - Ignore invalid attributes after valid name (that looks like Cookie2 Version attribute):
FAIL - Set a cookie that has whitespace in its name:
FAIL - Use last value for cookies with identical names:
FAIL - Keep first-in, first-out name order:
FAIL - Keep first-in, first-out single-char name order:
FAIL - Ignore cookie with empty name and empty value:
FAIL - Ignore cookie with no name or value:
FAIL - URL-encoded cookie name is not decoded:
FAIL - Name is set as expected for a=test:
FAIL - Name is set as expected for 1=test:
FAIL - Name is set as expected for $=test:
FAIL - Name is set as expected for !a=test:
FAIL - Name is set as expected for @a=test:
FAIL - Name is set as expected for #a=test:
FAIL - Name is set as expected for $a=test:
FAIL - Name is set as expected for %a=test:
FAIL - Name is set as expected for ^a=test:
FAIL - Name is set as expected for &a=test:
FAIL - Name is set as expected for *a=test:
FAIL - Name is set as expected for (a=test:
FAIL - Name is set as expected for )a=test:
FAIL - Name is set as expected for -a=test:
FAIL - Name is set as expected for _a=test:
FAIL - Name is set as expected for +=test:
FAIL - Name is set as expected for "a=test:
FAIL
- Remove trailing WSP characters from the name string:
New Tests That Don't Pass
- /cookies/name/name.html [wpt.fyi]
- Remove trailing WSP characters from the name string:
FAIL(Chrome:PASS, Safari:PASS) - Remove leading WSP characters from the name string:
FAIL(Chrome:PASS, Safari:PASS) - Only return the new cookie (with the same name):
FAIL(Chrome:PASS, Safari:PASS) - Ignore invalid attributes after nameless cookie:
FAIL(Chrome:PASS, Safari:FAIL) - Ignore invalid attributes after valid name (that looks like Cookie2 Version attribute):
FAIL(Chrome:PASS, Safari:PASS) - Set a cookie that has whitespace in its name:
FAIL(Chrome:PASS, Safari:PASS) - Set a nameless cookie ignoring characters after first ;:
FAIL(Chrome:PASS, Safari:FAIL) - Set a nameless cookie ignoring characters after first ; (2):
FAIL(Chrome:PASS, Safari:FAIL) - Return the most recent nameless cookie:
FAIL(Chrome:PASS, Safari:FAIL) - Return the most recent nameless cookie, without leading =:
FAIL(Chrome:PASS, Safari:FAIL) - Return the most recent nameless cookie, even if preceded by =:
FAIL(Chrome:PASS, Safari:FAIL) - Return the most recent nameless cookie, even if preceded by =, in addition to other valid cookie:
FAIL(Chrome:PASS, Safari:FAIL) - Use last value for cookies with identical names:
FAIL(Chrome:PASS, Safari:PASS) - Keep first-in, first-out name order:
FAIL(Chrome:PASS, Safari:PASS) - Keep first-in, first-out single-char name order:
FAIL(Chrome:PASS, Safari:PASS) - Keep non-alphabetic first-in, first-out name order:
FAIL(Chrome:PASS, Safari:FAIL) - Keep first-in, first-out order if comma-separated:
FAIL(Chrome:PASS, Safari:FAIL) - Set nameless cookie, given
Set-Cookie: =test16:FAIL(Chrome:PASS, Safari:FAIL) - Overwrite nameless cookie:
FAIL(Chrome:PASS, Safari:FAIL) - Ignore nameless cookies that impersonate cookie prefixes:
FAIL(Chrome:FAIL, Safari:PASS) - Ignore cookie with empty name and empty value:
FAIL(Chrome:PASS, Safari:PASS) - Ignore cookie with no name or value:
FAIL(Chrome:PASS, Safari:PASS) - URL-encoded cookie name is not decoded:
FAIL(Chrome:PASS, Safari:PASS) - Name is set as expected for a=test:
FAIL(Chrome:PASS, Safari:PASS) - Name is set as expected for 1=test:
FAIL(Chrome:PASS, Safari:PASS) - Name is set as expected for $=test:
FAIL(Chrome:PASS, Safari:PASS) - Name is set as expected for !a=test:
FAIL(Chrome:PASS, Safari:PASS) - Name is set as expected for @a=test:
FAIL(Chrome:PASS, Safari:PASS) - Name is set as expected for #a=test:
FAIL(Chrome:PASS, Safari:PASS) - Name is set as expected for $a=test:
FAIL(Chrome:PASS, Safari:PASS) - Name is set as expected for %a=test:
FAIL(Chrome:PASS, Safari:PASS) - Name is set as expected for ^a=test:
FAIL(Chrome:PASS, Safari:PASS) - Name is set as expected for &a=test:
FAIL(Chrome:PASS, Safari:PASS) - Name is set as expected for *a=test:
FAIL(Chrome:PASS, Safari:PASS) - Name is set as expected for (a=test:
FAIL(Chrome:PASS, Safari:PASS) - Name is set as expected for )a=test:
FAIL(Chrome:PASS, Safari:PASS) - Name is set as expected for -a=test:
FAIL(Chrome:PASS, Safari:PASS) - Name is set as expected for _a=test:
FAIL(Chrome:PASS, Safari:PASS) - Name is set as expected for +=test:
FAIL(Chrome:PASS, Safari:PASS) - Name is set as expected for "a=test:
FAIL(Chrome:PASS, Safari:PASS) - Name is set as expected for "a=b"=test:
FAIL(Chrome:PASS, Safari:FAIL)
- Remove trailing WSP characters from the name string:
Pushed by wptsync@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/be653a7c2a09
[wpt PR 36138] - Add WPT for nameless cookies impersonating cookie prefixes, a=testonly
https://hg.mozilla.org/integration/autoland/rev/2d26ab9f2b5e
[wpt PR 36138] - Update wpt metadata, a=testonly
|
||
Comment 4•3 years ago
|
||
| bugherder | ||
https://hg.mozilla.org/mozilla-central/rev/be653a7c2a09
https://hg.mozilla.org/mozilla-central/rev/2d26ab9f2b5e
Status: NEW → RESOLVED
Closed: 3 years ago
status-firefox107:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 107 Branch
You need to log in
before you can comment on or make changes to this bug.
Description
•