(t *testing.T)
| 433 | } |
| 434 | |
| 435 | func Test_CookieJar_RejectUnrelatedResponseDomain(t *testing.T) { |
| 436 | t.Parallel() |
| 437 | |
| 438 | jar := &CookieJar{} |
| 439 | resp := fasthttp.AcquireResponse() |
| 440 | host := []byte("attacker.invalid") |
| 441 | |
| 442 | c := &fasthttp.Cookie{} |
| 443 | c.SetKey("sess") |
| 444 | c.SetValue("evil") |
| 445 | c.SetDomain("victim.example") |
| 446 | resp.Header.SetCookie(c) |
| 447 | |
| 448 | jar.parseCookiesFromResp(host, nil, resp) |
| 449 | |
| 450 | uri := fasthttp.AcquireURI() |
| 451 | require.NoError(t, uri.Parse(nil, []byte("http://victim.example/"))) |
| 452 | require.Empty(t, jar.Get(uri)) |
| 453 | } |
| 454 | |
| 455 | func Test_CookieJar_SetRejectUnrelatedDomain(t *testing.T) { |
| 456 | t.Parallel() |
nothing calls this directly
no test coverage detected