Use SearchValues throughout dotnet/aspnetcore (part 2) (#54804)

* Using SearchValues in cookie header parser to find the end of the cookie value.

* Apply suggestions from code review

Co-authored-by: Günther Foidl <[email protected]>

* Update src/Http/Shared/CookieHeaderParserShared.cs

Co-authored-by: Andrew Casey <[email protected]>

---------

Co-authored-by: ladeak <[email protected]>
Co-authored-by: Günther Foidl <[email protected]>
Co-authored-by: Andrew Casey <[email protected]>

Author: 4 people

src/Http/Http/test/RequestCookiesCollectionTests.cs

@@ -37,11 +37,12 @@ public void ParseManyCookies()
     [InlineData("er=dd,err=cc,errr=bb", new[] { "dd", "cc", "bb" })]
     [InlineData("errorcookie=dd,:(\"sa;", new[] { "dd" })]
     [InlineData("s;", null)]
+    [InlineData("er=;,err=,errr=\\,errrr=\"", null)]
     public void ParseInvalidCookies(string cookieToParse, string[] expectedCookieValues)
     {
         var cookies = RequestCookieCollection.Parse(new StringValues(new[] { cookieToParse }));
 
-        if(expectedCookieValues == null)
+        if (expectedCookieValues == null)
         {
             Assert.Equal(0, cookies.Count);
             return;
@@ -54,4 +55,21 @@ public void ParseInvalidCookies(string cookieToParse, string[] expectedCookieVal
             Assert.Equal(value, cookies.ElementAt(i).Value);
         }
     }
+
+    [Fact]
+    public void AllExpectedCookieValueCharsPresent()
+    {
+        foreach (var c in Enumerable.Range(0x00, 0xFF).Select(x => (char)x))
+        {
+            var cookies = RequestCookieCollection.Parse(new StringValues(new[] { $"something={c}" }));
+            if (c < 0x21 || c > 0x7E || c == '\\' || c == ',' || c == ';' || c == '\"')
+            {
+                Assert.Equal(0, cookies.Count);
+            }
+            else
+            {
+                Assert.Equal(c.ToString(), cookies.Single().Value);
+            }
+        }
+    }
 }

src/Http/Shared/CookieHeaderParserShared.cs

@@ -1,6 +1,7 @@
 // Licensed to the .NET Foundation under one or more agreements.
 // The .NET Foundation licenses this file to you under the MIT license.
 
+using System.Buffers;
 using System.Diagnostics.CodeAnalysis;
 using System.Diagnostics.Contracts;
 using Microsoft.Extensions.Primitives;
@@ -9,6 +10,11 @@ namespace Microsoft.Net.Http.Headers;
 
 internal static class CookieHeaderParserShared
 {
+    // cookie-octet      = %x21 / %x23-2B / %x2D-3A / %x3C-5B / %x5D-7E
+    //                     ; US-ASCII characters excluding CTLs, whitespace, DQUOTE, comma, semicolon, and backslash
+    private static readonly SearchValues<char> CookieValueChar =
+        SearchValues.Create("!#$%&'()*+-./0123456789:<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[]^_`abcdefghijklmnopqrstuvwxyz{|}~");
+
     public static bool TryParseValues(StringValues values, IDictionary<string, string> store, bool supportsMultipleValues)
     {
         // If a parser returns an empty list, it means there was no value, but that's valid (e.g. "Accept: "). The caller
@@ -192,15 +198,14 @@ internal static StringSegment GetCookieValue(StringSegment input, ref int offset
             offset++;
         }
 
-        while (offset < input.Length)
+        var delta = input.AsSpan(offset).IndexOfAnyExcept(CookieValueChar);
+        if (delta < 0)
         {
-            var c = input[offset];
-            if (!IsCookieValueChar(c))
-            {
-                break;
-            }
-
-            offset++;
+            offset = input.Length;
+        }
+        else
+        {
+            offset += delta;
         }
 
         if (inQuotes)
@@ -232,15 +237,4 @@ private static bool ReadEqualsSign(StringSegment input, ref int offset)
         offset++;
         return true;
     }
-
-    // cookie-octet      = %x21 / %x23-2B / %x2D-3A / %x3C-5B / %x5D-7E
-    //                     ; US-ASCII characters excluding CTLs, whitespace DQUOTE, comma, semicolon, and backslash
-    private static bool IsCookieValueChar(char c)
-    {
-        if (c < 0x21 || c > 0x7E)
-        {
-            return false;
-        }
-        return !(c == '"' || c == ',' || c == ';' || c == '\\');
-    }
 }