diff options
| author | Jesse Wilson <jessewilson@google.com> | 2010-10-14 15:57:59 -0700 |
|---|---|---|
| committer | Android (Google) Code Review <android-gerrit@google.com> | 2010-10-14 15:57:59 -0700 |
| commit | 8f666c2db1811b2f1797a692d6547362f3cd9954 (patch) | |
| tree | 7411995c9c3196fb7e61b4027b106091b38cbc54 /core/tests | |
| parent | d4e03f37423bee383d17f7292753a5f67e497a28 (diff) | |
| parent | 2102bde9d4afc2a7246b62ceaab495a8ec7401f3 (diff) | |
| download | frameworks_base-8f666c2db1811b2f1797a692d6547362f3cd9954.zip frameworks_base-8f666c2db1811b2f1797a692d6547362f3cd9954.tar.gz frameworks_base-8f666c2db1811b2f1797a692d6547362f3cd9954.tar.bz2 | |
Merge "Test that we don't leak sensitive information when logging cookies." into gingerbread
Diffstat (limited to 'core/tests')
| -rw-r--r-- | core/tests/coretests/src/android/net/http/CookiesTest.java | 69 |
1 files changed, 69 insertions, 0 deletions
diff --git a/core/tests/coretests/src/android/net/http/CookiesTest.java b/core/tests/coretests/src/android/net/http/CookiesTest.java new file mode 100644 index 0000000..c9eca03 --- /dev/null +++ b/core/tests/coretests/src/android/net/http/CookiesTest.java @@ -0,0 +1,69 @@ +/* + * Copyright (C) 2010 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package android.net.http; + +import java.io.ByteArrayOutputStream; +import java.io.IOException; +import java.net.URISyntaxException; +import java.util.logging.Logger; +import java.util.logging.SimpleFormatter; +import java.util.logging.StreamHandler; +import junit.framework.TestCase; +import org.apache.http.client.HttpClient; +import org.apache.http.client.methods.HttpGet; +import org.apache.http.impl.client.DefaultHttpClient; +import tests.http.MockResponse; +import tests.http.MockWebServer; + +public final class CookiesTest extends TestCase { + + private MockWebServer server = new MockWebServer(); + + @Override protected void tearDown() throws Exception { + server.shutdown(); + super.tearDown(); + } + + /** + * Test that we don't log potentially sensitive cookie values. + * http://b/3095990 + */ + public void testCookiesAreNotLogged() throws IOException, URISyntaxException { + // enqueue an HTTP response with a cookie that will be rejected + server.enqueue(new MockResponse() + .addHeader("Set-Cookie: password=secret; Domain=fake.domain")); + server.play(); + + ByteArrayOutputStream out = new ByteArrayOutputStream(); + Logger logger = Logger.getLogger("org.apache.http"); + StreamHandler handler = new StreamHandler(out, new SimpleFormatter()); + logger.addHandler(handler); + try { + HttpClient client = new DefaultHttpClient(); + client.execute(new HttpGet(server.getUrl("/").toURI())); + handler.close(); + + String log = out.toString("UTF-8"); + assertTrue(log, log.contains("password")); + assertTrue(log, log.contains("fake.domain")); + assertFalse(log, log.contains("secret")); + + } finally { + logger.removeHandler(handler); + } + } +} |