IETF Logo Mail Archive

Re: [http-state] A question about the parser test data

Adam Barth <ietf@adambarth.com> Sat, 09 April 2011 01:58 UTC

Return-Path: <ietf@adambarth.com>
X-Original-To: http-state@core3.amsl.com
Delivered-To: http-state@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 5E8563A6A62 for <http-state@core3.amsl.com>; Fri, 8 Apr 2011 18:58:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.816
X-Spam-Level:
X-Spam-Status: No, score=-2.816 tagged_above=-999 required=5 tests=[AWL=0.160, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-1, WEIRD_PORT=0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RZFkhjBv7njy for <http-state@core3.amsl.com>; Fri, 8 Apr 2011 18:58:17 -0700 (PDT)
Received: from mail-yx0-f172.google.com (mail-yx0-f172.google.com [209.85.213.172]) by core3.amsl.com (Postfix) with ESMTP id BBDD73A6A5D for <http-state@ietf.org>; Fri, 8 Apr 2011 18:58:16 -0700 (PDT)
Received: by yxk30 with SMTP id 30so1957028yxk.31 for <http-state@ietf.org>; Fri, 08 Apr 2011 19:00:02 -0700 (PDT)
Received: by 10.150.184.13 with SMTP id h13mr2699679ybf.449.1302314400832; Fri, 08 Apr 2011 19:00:00 -0700 (PDT)
Received: from mail-iw0-f172.google.com (mail-iw0-f172.google.com [209.85.214.172]) by mx.google.com with ESMTPS id u35sm1739730yba.12.2011.04.08.18.59.58 (version=SSLv3 cipher=OTHER); Fri, 08 Apr 2011 18:59:59 -0700 (PDT)
Received: by iwn39 with SMTP id 39so4842820iwn.31 for <http-state@ietf.org>; Fri, 08 Apr 2011 18:59:58 -0700 (PDT)
Received: by 10.42.117.3 with SMTP id r3mr3627462icq.429.1302314398185; Fri, 08 Apr 2011 18:59:58 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.42.227.69 with HTTP; Fri, 8 Apr 2011 18:59:28 -0700 (PDT)
In-Reply-To: <BANLkTinStWoBKmQE-DiWDn30QCOrsN6goQ@mail.gmail.com>
References: <BANLkTimipXDMrkfTA=aJ0UwKibEUR6vakA@mail.gmail.com> <BANLkTinCjwwbo0Y=QgVS=5XV1apESYbGvA@mail.gmail.com> <BANLkTinStWoBKmQE-DiWDn30QCOrsN6goQ@mail.gmail.com>
From: Adam Barth <ietf@adambarth.com>
Date: Fri, 08 Apr 2011 18:59:28 -0700
Message-ID: <BANLkTi=f8mgqy8MBOWGU1daFJiLC+dMyUQ@mail.gmail.com>
To: Chris Hanson <cph@google.com>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
Cc: http-state <http-state@ietf.org>
Subject: Re: [http-state] A question about the parser test data
X-BeenThere: http-state@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Discuss HTTP State Management Mechanism <http-state.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/http-state>, <mailto:http-state-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/http-state>
List-Post: <mailto:http-state@ietf.org>
List-Help: <mailto:http-state-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-state>, <mailto:http-state-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 09 Apr 2011 01:58:18 -0000

Thanks for these notes.  Comments below:

====
My model for the tests is as follows:

* "Set-Cookie:" headers are received in response from
  "http://home.example.org:8888/cookie-parser?TESTNAME".
  Consequently, default domain is "home.example.org" and default path
  is "/".

* "Cookie:" headers are those that would be sent back to the same URL,
  unless overridden by "Location:" header.  "Location:" header, if
  present, is relative to that URL.
====

[abarth] That's not quite right.  They're read from
"http://home.example.org:8888/cookie-parser-result?TESTNAME".  If you
run the Python script in test/run-test-server, that will actually spin
up an HTTP server you can use to test your implementation against.
You can look at run-test for examples of how to automate running all
the tests against your implementation.

====
The following all have issues with parsing of the "Set-Cookie:" header
that should give different behavior:

0021 don't expect "Cookie: x"; cookie-pair no good
NAME0017 expect no cookies; cookie-pair no good
====

[abarth] Fixed.

====
PATH0001 don't expect "Cookie: x=y"; path mismatch
PATH0002 don't expect "Cookie: a=b"; path mismatch
PATH0003 don't expect "Cookie: a=b"; path mismatch
PATH0004 don't expect "Cookie: x=y"; path mismatch
====

[abarth] These should work correctly once you interpret the final URL
as http://home.example.org:8888/cookie-parser-result?TESTNAME.

====
PATH0027 expect "Cookie: foo=bar"; explicit path should be ignored
====

[abarth] Fixed.

====
PATH0029 expect no cookies; path mismatch
====

[abarth] This should work correctly once you interpret the final URL
as http://home.example.org:8888/cookie-parser-result?TESTNAME.
Another possibility is that you're missing this step on page 22:

[[
   5.  Remove any leading or trailing WSP characters from the attribute-
       name string and the attribute-value string.
]]

which is that this test intends to test.

====
These have issues with path matching the cookie path to the URL path:

ATTRIBUTE0023 expect no cookies; path mismatch
====

[abarth] This is likely the "cookie-parser-result" issue again.

====
ORDERING0001 expect "Cookie: key=val0"; path and domain should both match
====

val0 doesn't appear in the final cookie because

Set-Cookie: key=val2; path=/

overwrites it.  Notice that val0 gets the default path (which is / in
this case).  The check for removing old cookies with the same
name/domain/path occurs after the default path gets substituted for a
missing path attribute.

====
DISABLED_DOMAIN0032 and DOMAIN0014 are a bit of a puzzle.
Domain-parsing and host normalization rules don't say anything about
trailing dots.  So, strictly speaking, both tests should send no
cookies due to a domain mismatch.  However, one is expected to send a
cookie and the other not.  Given that a trailing dot is legitimate
syntax for DNS, I would think that ignoring trailing dots would result
in behavior that's different from today's implementations.
====

I've just deleted DISABLED_DOMAIN0032.  It's disabled because it's
actually testing something other than cookies (namely, URL
canonicalization).  DOMAIN0014, however, is a more reasonable test.
The point is that trailing dots in the Domain attribute aren't
canonicalized away (unlike leading dots).

Thanks for your detailed feedback.  I've pushed the fixes to github.

Adam


On Fri, Apr 8, 2011 at 3:02 PM, Chris Hanson <cph@google.com> wrote:
> I've attached my notes about the parser tests.  I tried to give enough
> detail so you can evaluate whether the data is wrong or my
> understanding is wrong; let me know if you need more.
>
> Chris
>
> On Fri, Apr 8, 2011 at 11:02 AM, Adam Barth <ietf@adambarth.com> wrote:
>> The test data isn't up to date with the final changes in the spec.  If
>> you'd be willing to send me the list of tests that don't match your
>> reading of the spec, I'll be happy to fix them.
>>
>> Thanks,
>> Adam
>>
>>
>> On Sun, Apr 3, 2011 at 10:08 PM, Chris Hanson <cph@google.com> wrote:
>>> I've recently built a cookie implementation that's intended to be
>>> (eventually) compliant with draft-23.  As part of my testing, I
>>> gobbled up the test data from https://github.com/abarth/http-state/
>>> and have been running my set-cookie parser on it.
>>>
>>> I've been seeing some anomalies between what it specifies and what I
>>> expect based on my reading of the spec.
>>>
>>> Are these tests intended to be true for compliant implementations?  Or
>>> are they just true for current browsers, and not necessarily for
>>> compliant implementations?  I suspect the latter but would like
>>> confirmation; otherwise I may need some help understanding why my
>>> reading of the spec is incorrect.
>>>
>>> Thanks in advance,
>>> Chris
>>> _______________________________________________
>>> http-state mailing list
>>> http-state@ietf.org
>>> https://www.ietf.org/mailman/listinfo/http-state
>>>
>>
>

v2.23.0 | Report a Bug | By Email