```java
/**
 * Take any client cookies that were originally from the proxy and prepare them to send to the
 * proxy. This relies on cookie headers being set correctly according to RFC 6265 Sec 5.4.
 * This also blocks any local cookies from being sent to the proxy.
 */
protected String getRealCookie(String cookieValue) {
    StringBuilder escapedCookie = new StringBuilder();
    String cookies[] = cookieValue.split("[;,]");
    for (String cookie : cookies) {
        String cookieSplit[] = cookie.split("=");
        if (cookieSplit.length == 2) {
            String cookieName = cookieSplit[0].trim();
            if (cookieName.startsWith(getCookieNamePrefix(cookieName))) {
                cookieName = cookieName.substring(getCookieNamePrefix(cookieName).length());
                if (escapedCookie.length() > 0) {
                    escapedCookie.append("; ");
                }
                escapedCookie.append(cookieName).append("=").append(cookieSplit[1].trim());
            }
        }
    }
    return escapedCookie.toString();
}
```
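In this method, the line `String cookieSplit[] = cookie.split("=");` splits on "=", which is not robust: if the cookie's value happens to contain "=", it fails. For example, when I accessed the HTTP web service of a switch, one of the cookies looked like this: `index==0b=06=0AB00=0R`

I suggest finding the first "=" and then using substring to cut the string. Here is my rewritten version: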
```java
@Override
protected String getRealCookie(String cookieValue) {
    StringBuilder escapedCookie = new StringBuilder();
    String cookies[] = cookieValue.split("[;,]");
    for (String cookie : cookies) {
        int index = cookie.indexOf("=");
        if (index > 0) {
            String cookieName = cookie.substring(0, index).trim();
            if (escapedCookie.length() > 0) {
                escapedCookie.append("; ");
            }
            escapedCookie.append(cookieName).append("=").append(cookie.substring(index + 1).trim());
        }
    }
    return escapedCookie.toString();
}
```
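A self-contained comparison, added here as an example and not code from the issue or from the project: it runs the original `split("=")` logic and a first-"=" split over a constructed Cookie header, and keeps the prefix check from the original method so that cookies without the proxy prefix are still not forwarded. The class name, the `PREFIX` value and the sample header are assumptions made for the example.

```java
import java.util.ArrayList;
import java.util.List;

public class CookieSplitDemo {
    // Constructed stand-in for the servlet's getCookieNamePrefix(); not the project's value.
    static final String PREFIX = "!Proxy!demo";

    /** The original logic from the issue: split("=") and require exactly two parts. */
    static String original(String header) {
        List<String> out = new ArrayList<>();
        for (String cookie : header.split("[;,]")) {
            String[] parts = cookie.split("=");
            if (parts.length == 2 && parts[0].trim().startsWith(PREFIX)) {
                out.add(parts[0].trim().substring(PREFIX.length()) + "=" + parts[1].trim());
            }
        }
        return String.join("; ", out);
    }

    /** Split at the first "=" only, and still forward only prefixed cookies. */
    static String firstEquals(String header) {
        List<String> out = new ArrayList<>();
        for (String cookie : header.split("[;,]")) {
            int idx = cookie.indexOf('=');
            if (idx <= 0) continue;                  // no "=" at all, or "=" with no name before it
            String name = cookie.substring(0, idx).trim();
            if (!name.startsWith(PREFIX)) continue;  // local cookie: do not forward
            out.add(name.substring(PREFIX.length()) + "=" + cookie.substring(idx + 1).trim());
        }
        return String.join("; ", out);
    }

    public static void main(String[] args) {
        // Constructed Cookie header: one local cookie and two proxied ones,
        // the first carrying the value quoted in the issue.
        String header = "JSESSIONID=local123; " + PREFIX + "index==0b=06=0AB00=0R; "
                + PREFIX + "lang=en";
        String before = original(header);
        String after = firstEquals(header);
        System.out.println("original:  " + before);
        System.out.println("first '=': " + after);
        // The original silently drops the cookie whose value contains "=".
        if (!before.equals("lang=en")) throw new AssertionError(before);
        // The first-"=" split keeps it, and the unprefixed JSESSIONID stays local.
        if (!after.equals("index==0b=06=0AB00=0R; lang=en")) throw new AssertionError(after);
    }
}
```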