Class: HTTP::Cookie::Scanner

Inherits:
StringScanner
  • Object
Defined in:
lib/http/cookie/scanner.rb

Constant Summary collapse

RE_WSP =

Whitespace.

/[ \t]+/
RE_NAME =

A pattern that matches a cookie name or attribute name which may be empty, capturing trailing whitespace.

/(?!#{RE_WSP})[^,;\\"=]*/
RE_BAD_CHAR =
/([\x00-\x20\x7F",;\\])/
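RE_COOKIE_COMMA =

A pattern that matches a comma followed by optional whitespace and a `name=` pair, i.e. a comma that starts another cookie definition rather than one that is part of a value.

/,(?=#{RE_WSP}?#{RE_NAME}=)/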

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(string, logger = nil) ⇒ Scanner

Returns a new instance of Scanner.


# File 'lib/http/cookie/scanner.rb', line 18

# Creates a scanner over +string+.
#
# string - the header text to scan; handed unchanged to the superclass
#          constructor.
# logger - optional object that receives #warn calls when the scanning
#          methods meet malformed input; nil (the default) disables them.
def initialize(string, logger = nil)
  super(string)
  @logger = logger
end

Class Method Details

.quote(s) ⇒ Object


# File 'lib/http/cookie/scanner.rb', line 24

# Returns +s+ in a form usable as a cookie value.
#
# A string with no character matched by RE_BAD_CHAR is returned as is (the
# same object).  Otherwise the result is a new string wrapped in double
# quotes, with every backslash and double quote inside it preceded by a
# backslash.
#
# NOTE(review): only backslash and double quote are escaped.  Any other
# character that RE_BAD_CHAR matches is merely enclosed in the quotes and
# otherwise passes through untouched, so a caller that builds header lines
# from untrusted text presumably has to reject CR/LF and other control
# characters itself -- confirm at the call sites.
def quote(s)
  if s.match(RE_BAD_CHAR)
    escaped = s.gsub(/([\\"])/, "\\\\\\1")
    '"' + escaped + '"'
  else
    s
  end
end

Instance Method Details


# File 'lib/http/cookie/scanner.rb', line 102

# Parses a cookie date string with the token-based algorithm of
# RFC 6265 5.1.1.
#
# The string is split on the delimiter set below and every token is tried,
# in this order, as a time (hh:mm[:ss]), a day of month, a month name and a
# year.  A token fills the first still-empty slot it fits; once a slot is
# filled, later candidates for it are ignored.
#
# Returns nil when one of the four parts is missing, the day is outside
# 1..31, the year falls in 100..1600, or the time exceeds 23:59:59.
# Otherwise returns the result of tuple_to_time.  Two-digit years are
# widened first: 70..99 become 19xx and 0..69 become 20xx.
#
# NOTE(review): CR and LF are not in the delimiter set, so a token written
# to the log below can carry them if the caller did not strip them from the
# header text beforehand -- confirm what the logger does with such input.
def parse_cookie_date(s)
  clock = mday = mon = yr = nil

  s.split(/[\x09\x20-\x2F\x3B-\x40\x5B-\x60\x7B-\x7E]+/).each do |token|
    if clock.nil? && (m = token.match(/\A(\d{1,2}):(\d{1,2})(?::(\d{1,2}))?(?=\D|\z)/))
      if m[3]
        seconds = m[3].to_i
      else
        # The RFC requires the seconds field; tolerate its absence.
        @logger.warn("Time lacks the second part: #{token}") if @logger
        seconds = 0
      end
      clock = [m[1].to_i, m[2].to_i, seconds]
    elsif mday.nil? && (m = token.match(/\A(\d{1,2})(?=\D|\z)/))
      mday = m[1].to_i
    elsif mon.nil? && (m = token.match(/\A(jan|feb|mar|apr|may|jun|jul|aug|sep|oct|nov|dec)/i))
      mon = m[1].capitalize
    elsif yr.nil? && (m = token.match(/\A(\d{2,4})(?=\D|\z)/))
      yr = m[1].to_i
    end
  end

  # All four components are mandatory.
  return nil if mday.nil? || mon.nil? || yr.nil? || clock.nil?
  return nil unless (1..31).include?(mday)

  if yr >= 100 && yr <= 1600
    return nil
  elsif yr >= 70 && yr <= 99
    yr += 1900
  elsif yr >= 0 && yr <= 69
    yr += 2000
  end

  hour, minute, second = clock
  return nil if hour > 23 || minute > 59 || second > 59

  tuple_to_time(mday, mon, yr, clock)
end

# File 'lib/http/cookie/scanner.rb', line 216

# Walks the rest of the input as a list of name=value pairs (RFC 6265
# 4.1.1 & 5.4) and yields name and value for each pair.
#
# An item for which scan_name_value reports no value is consumed but not
# yielded.  After each item a single ';' or ',' is skipped if present; the
# comma is accepted because it is used to join several values of one header.
def scan_cookie
  while !eos?
    skip_wsp

    pair = scan_name_value

    # pair is [name, value]; value is nil when the item had no '='.
    yield(*pair) if pair.last

    skip(/[;,]/)
  end
end

#scan_dquotedObject


# File 'lib/http/cookie/scanner.rb', line 34

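# Reads the body of a double-quoted string, assuming the opening quote has
# already been consumed, and returns the unescaped text.
#
# Scanning stops after the closing double quote or at the end of input,
# whichever comes first, so an unterminated string yields everything up to
# the end.  A backslash makes the following character literal.
def scan_dquoted
  ''.tap { |s|
    until eos?
      if skip(/"/)
        # Closing quote: leave the loop; tap still returns s.
        break
      elsif skip(/\\/)
        # A backslash that is the last character of the input has nothing to
        # escape.  getch returns nil there, and appending nil would raise
        # TypeError, turning a truncated or hostile header into an unhandled
        # exception.  Drop the dangling backslash instead.
        escaped = getch
        s << escaped if escaped
      elsif scan(/[^"\\]+/)
        s << matched
      end
    end
  }
end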

#scan_nameObject


# File 'lib/http/cookie/scanner.rb', line 47

# Scans a cookie or attribute name at the current position using RE_NAME
# and returns it with trailing whitespace removed.
#
# Returns nil when RE_NAME does not match here; the name may be empty.
def scan_name
  token = scan(RE_NAME)
  # RE_NAME also takes in whitespace before the delimiter; trim it in place.
  token.rstrip! if token
  token
end

#scan_name_valueObject


# File 'lib/http/cookie/scanner.rb', line 71

# Scans one "name[=value]" item and returns it as [name, value].
#
# value is nil when no '=' follows the name.  The text up to the next
# delimiter is consumed by scan_value in that case too, so the scanner
# always ends up past the item.
def scan_name_value
  key = scan_name
  has_equals = skip(/\=/)
  # Consume the value text whether or not an '=' was seen.
  raw = scan_value
  [key, has_equals ? raw : nil]
end

# File 'lib/http/cookie/scanner.rb', line 154

# Scans the input as one or more comma-joined Set-Cookie definitions and
# yields name, value and a hash of attributes for each definition that has a
# usable name-value pair.
#
# A definition with no '=' or with an empty name is logged and never
# yielded; its attributes are still consumed so that scanning can resume at
# the next definition.  Attributes whose value fails the per-attribute check
# below are left out of the hash.  An attribute name with no dedicated
# branch is stored with whatever value was scanned (nil if it had no '=').
#
# A definition longer than HTTP::Cookie::MAX_LENGTH is logged and dropped.
# The length is only known after the whole definition has been scanned.
#
# NOTE(review): the cookie name in the "too long" warning is taken from the
# input as scanned and, in that branch, belongs to an oversized definition --
# confirm the logger copes with long or control-character-bearing names.
def scan_set_cookie
  # RFC 6265 4.1.1 & 5.2
  until eos?
    # Remember where this definition starts so its length can be measured.
    start = pos
    len = nil

    skip_wsp

    name, value = scan_name_value
    if value.nil?
      @logger.warn("Cookie definition lacks a name-value pair.") if @logger
    elsif name.empty?
      @logger.warn("Cookie definition has an empty name.") if @logger
      # Clearing value marks the definition as unusable: attributes are
      # skipped below and nothing is yielded.
      value = nil
    end
    attrs = {}

    # One pass per separator; `next` and `break` inside act on this inner
    # loop, not on the outer `until`.
    case
    when skip(/,/)
      # The comma is used as separator for concatenating multiple
      # values of a header.
      # The comma itself is not counted in the definition's length.
      len = (pos - 1) - start
      break
    when skip(/;/)
      skip_wsp
      aname, avalue = scan_name_value
      # Ignore nameless attributes, and every attribute of an unusable
      # definition.
      next if aname.empty? || value.nil?
      # Attribute names are compared and stored in lower case.
      aname.downcase!
      case aname
      when 'expires'
        # RFC 6265 5.2.1
        # Replace the text with the parsed date; skip the attribute when
        # the value is missing or parse_cookie_date returns nil.
        avalue &&= parse_cookie_date(avalue) or next
      when 'max-age'
        # RFC 6265 5.2.2
        # Accept only an optional minus sign followed by digits, anchored to
        # the whole string; the value is stored as scanned, not converted.
        next unless /\A-?\d+\z/.match(avalue)
      when 'domain'
        # RFC 6265 5.2.3
        # An empty value SHOULD be ignored.
        next if avalue.nil? || avalue.empty?
      when 'path'
        # RFC 6265 5.2.4
        # A relative path must be ignored rather than normalizing it
        # to "/".
        next unless /\A\//.match(avalue)
      when 'secure', 'httponly'
        # RFC 6265 5.2.5, 5.2.6
        # Flag attributes: any value given is replaced by true.
        avalue = true
      end
      # A repeated attribute overwrites the earlier entry.
      attrs[aname] = avalue
    end until eos?

    # No comma was met: the definition ran to the end of the input.
    len ||= pos - start

    if len > HTTP::Cookie::MAX_LENGTH
      @logger.warn("Cookie definition too long: #{name}") if @logger
      next
    end

    yield name, value, attrs if value
  end
end

#scan_valueObject


# File 'lib/http/cookie/scanner.rb', line 53

# Scans a cookie or attribute value from the current position and returns it
# with trailing whitespace removed.
#
# Scanning ends, without consuming the delimiter, at a ';' or at a comma
# that RE_COOKIE_COMMA recognises; any other comma is taken as part of the
# value.  A double-quoted section is read through scan_dquoted and appended
# in its unescaped form.
def scan_value
  buf = ''
  until eos?
    if scan(/[^,;"]+/)
      buf << matched
    elsif skip(/"/)
      # RFC 6265 2.2
      # A cookie-value may be DQUOTE'd.
      buf << scan_dquoted
    elsif check(/;|#{RE_COOKIE_COMMA}/o)
      break
    else
      # Only a comma that is not a cookie separator reaches this branch.
      buf << getch
    end
  end
  buf.rstrip!
  buf
end

#skip_wspObject


# File 'lib/http/cookie/scanner.rb', line 30

# Moves past whatever RE_WSP matches at the current position.
#
# Returns the result of skip: the number of characters skipped, or nil when
# there was nothing to skip.
def skip_wsp
  skip RE_WSP
end