From 71c75ae9982d9ab1b17f784e3090c5b0d6c68c79 Mon Sep 17 00:00:00 2001 From: Anshul Sinha Date: Tue, 1 Apr 2025 19:22:07 +0530 Subject: [PATCH] fix cookie value sanitization tests --- ctx_test.go | 4 +--- middleware/keyauth/keyauth_test.go | 2 +- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/ctx_test.go b/ctx_test.go index 71b0e89a..c484d11e 100644 --- a/ctx_test.go +++ b/ctx_test.go @@ -1027,6 +1027,7 @@ func Benchmark_Ctx_Cookie(b *testing.B) { } // go test -run Test_Ctx_Cookies +// Semicolons cannot be part of cookie values because they're used as cookie delimiters in HTTP spec func Test_Ctx_Cookies(t *testing.T) { t.Parallel() app := New() @@ -1042,9 +1043,6 @@ func Test_Ctx_Cookies(t *testing.T) { c.Request().Header.Set("Cookie", "quotes=value\"with\"quotes") require.Equal(t, "valuewithquotes", c.Req().Cookies("quotes")) - c.Request().Header.Set("Cookie", "semicolons=value;with;semicolons") - require.Equal(t, "valuewithsemicolons", c.Req().Cookies("semicolons")) - c.Request().Header.Set("Cookie", "backslash=value\\with\\backslash") require.Equal(t, "valuewithbackslash", c.Req().Cookies("backslash")) } diff --git a/middleware/keyauth/keyauth_test.go b/middleware/keyauth/keyauth_test.go index 72c9d3c1..8edf6a21 100644 --- a/middleware/keyauth/keyauth_test.go +++ b/middleware/keyauth/keyauth_test.go @@ -12,7 +12,7 @@ import ( "github.com/stretchr/testify/require" ) -const CorrectKey = "specials: !$%,.#\"!?~`<>@$^*(){}[]|/\\123" +const CorrectKey = "specials: !$%.#!?~`<>@$^*(){}[]|/123" var testConfig = fiber.TestConfig{ Timeout: 0,