diff options
| author | Jesse Wilson <jessewilson@google.com> | 2010-10-14 16:02:57 -0700 |
|---|---|---|
| committer | Android Git Automerger <android-git-automerger@android.com> | 2010-10-14 16:02:57 -0700 |
| commit | 9bb8e5cc3e9f8ae2c46967ee1fd422f3bf1e9429 (patch) | |
| tree | c0d9d975bd8b9b7ef46d306e42b7d2f647a5191d /core/tests/coretests | |
| parent | 7e9a54d460030a871a4f05e61e943c6a694e9ef8 (diff) | |
| parent | 8f666c2db1811b2f1797a692d6547362f3cd9954 (diff) | |
| download | frameworks_base-9bb8e5cc3e9f8ae2c46967ee1fd422f3bf1e9429.zip frameworks_base-9bb8e5cc3e9f8ae2c46967ee1fd422f3bf1e9429.tar.gz frameworks_base-9bb8e5cc3e9f8ae2c46967ee1fd422f3bf1e9429.tar.bz2 | |
am 8f666c2d: Merge "Test that we don\'t leak sensitive information when logging cookies." into gingerbread
Merge commit '8f666c2db1811b2f1797a692d6547362f3cd9954' into gingerbread-plus-aosp
* commit '8f666c2db1811b2f1797a692d6547362f3cd9954':
Test that we don't leak sensitive information when logging cookies.
Diffstat (limited to 'core/tests/coretests')
| -rw-r--r-- | core/tests/coretests/src/android/net/http/CookiesTest.java | 69 |
1 files changed, 69 insertions, 0 deletions
diff --git a/core/tests/coretests/src/android/net/http/CookiesTest.java b/core/tests/coretests/src/android/net/http/CookiesTest.java new file mode 100644 index 0000000..c9eca03 --- /dev/null +++ b/core/tests/coretests/src/android/net/http/CookiesTest.java @@ -0,0 +1,69 @@ +/* + * Copyright (C) 2010 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package android.net.http; + +import java.io.ByteArrayOutputStream; +import java.io.IOException; +import java.net.URISyntaxException; +import java.util.logging.Logger; +import java.util.logging.SimpleFormatter; +import java.util.logging.StreamHandler; +import junit.framework.TestCase; +import org.apache.http.client.HttpClient; +import org.apache.http.client.methods.HttpGet; +import org.apache.http.impl.client.DefaultHttpClient; +import tests.http.MockResponse; +import tests.http.MockWebServer; + +public final class CookiesTest extends TestCase { + + private MockWebServer server = new MockWebServer(); + + @Override protected void tearDown() throws Exception { + server.shutdown(); + super.tearDown(); + } + + /** + * Test that we don't log potentially sensitive cookie values. + * http://b/3095990 + */ + public void testCookiesAreNotLogged() throws IOException, URISyntaxException { + // enqueue an HTTP response with a cookie that will be rejected + server.enqueue(new MockResponse() + .addHeader("Set-Cookie: password=secret; Domain=fake.domain")); + server.play(); + + ByteArrayOutputStream out = new ByteArrayOutputStream(); + Logger logger = Logger.getLogger("org.apache.http"); + StreamHandler handler = new StreamHandler(out, new SimpleFormatter()); + logger.addHandler(handler); + try { + HttpClient client = new DefaultHttpClient(); + client.execute(new HttpGet(server.getUrl("/").toURI())); + handler.close(); + + String log = out.toString("UTF-8"); + assertTrue(log, log.contains("password")); + assertTrue(log, log.contains("fake.domain")); + assertFalse(log, log.contains("secret")); + + } finally { + logger.removeHandler(handler); + } + } +} |