Land rapid7#9333, get_cookies_parsed using CGI::Cookie

Author: wvu

lib/rex/proto/http/response.rb

@@ -1,4 +1,5 @@
 # -*- coding: binary -*-
+require 'cgi'
 require 'uri'
 require 'rex/proto/http'
 require 'nokogiri'
@@ -84,6 +85,18 @@ def get_cookies
     return cookies.strip
   end
 
+  #
+  # Gets cookies from the Set-Cookie header in a parsed format
+  #
+  def get_cookies_parsed
+    if (self.headers.include?('Set-Cookie'))
+      ret = CGI::Cookie::parse(self.headers['Set-Cookie'])
+    else
+      ret = {}
+    end
+    ret
+  end
+
 
   # Returns a parsed HTML document.
   # Instead of using regexes to parse the HTML body, you should use this and use the Nokogiri API.

spec/lib/rex/proto/http/response_spec.rb

@@ -133,6 +133,14 @@
     HEREDOC
   end
 
+  let (:get_cookies_spaces_and_missing_semicolon) do
+    <<-HEREDOC.gsub(/^ {6}/, '')
+      HTTP/1.1 200 OK
+      Set-Cookie: k1=v1; k2=v2;k3=v3
+
+    HEREDOC
+  end
+
   let (:meta_name) do
     'META_NAME'
   end
@@ -176,7 +184,7 @@
       <genre>Computer</genre>
       <price>44.95</price>
       <publish_date>2000-10-01</publish_date>
-      <description>An in-depth look at creating applications 
+      <description>An in-depth look at creating applications
       with XML.</description>
    </book>
 </catalog>
@@ -396,6 +404,22 @@ def cookie_sanity_check(meth)
       expect(cookies_array).to include(*expected_cookies)
     end
 
+    it 'parses cookies with inconsistent spacing and a missing trailing semicolons' do
+      resp = described_class.new()
+      resp.parse(self.send :get_cookies_spaces_and_missing_semicolon)
+      cookies = resp.get_cookies_parsed
+      names = cookies.keys.sort
+      values = []
+      cookies.each do |_, parsed|
+        parsed.value.each do |value|
+          values << value
+        end
+      end
+      values.sort!
+      expect(names).to eq(%w(k1 k2 k3))
+      expect(values).to eq(%w(v1 v2 v3))
+    end
+
   end
 
 end