tests: add and use `%PERL` variable to refer to the Perl binary

To ensure Perl invocations within tests call the same Perl binary used
for running the tests, as specified or auto-detecte

tests: add and use `%PERL` variable to refer to the Perl binary

To ensure Perl invocations within tests call the same Perl binary used
for running the tests, as specified or auto-detected via `PERL` env
(autotools) or `PERL_EXECUTABLE` setting (cmake). Instead of the first
`perl` executable found in `PATH`.)

Cherry-picked from #14949
Closes #15097

show more ...

tests: remove leading spaces from some tags

The threee tags `<name>`, `</name>` and `<command>` were frequently used
with a leading space that this removes. The reason this habbit is so

tests: remove leading spaces from some tags

The threee tags `<name>`, `</name>` and `<command>` were frequently used
with a leading space that this removes. The reason this habbit is so
widespread in testcases is probably that they have been copy and pasted.

Hence, fixing them all now might curb this practice from now on.

Closes #12028

show more ...

tests: use %LOGDIR to refer to the log directory

This will allow it be set dynamically.

Ref: #10818

tests: add `cookies` features

These tests don't work with `--disable-cookies`.

Closes https://github.com/curl/curl/pull/10713

test8: update as cookies no longer can have "embedded" TABs in content

test8: verify that "ctrl-byte cookies" are ignored

tests: use %TESTNUMBER instead of fixed number

This makes the tests easier to copy and relocate to other test numbers
without having to update content.

Closes #6738

tests: fixup several tests

missing CRs and modified %hostip

lib556/test556: use a real HTTP version to make test reuse more convenient

make sure the weekday in Date headers

tests: fixup several tests

missing CRs and modified %hostip

lib556/test556: use a real HTTP version to make test reuse more convenient

make sure the weekday in Date headers matches the date

test61: replace stray "^M" (5e 4d) at the end of a cookie with a '^M' (0d)

Gets the test working with external proxies like Privoxy again.

Closes #6463

show more ...

runtests: provide curl's version string as %VERSION for tests

... so that we can check HTTP requests for User-Agent: curl/%VERSION

Update 600+ test cases accordingly.

Close

runtests: provide curl's version string as %VERSION for tests

... so that we can check HTTP requests for User-Agent: curl/%VERSION

Update 600+ test cases accordingly.

Closes #6037

show more ...

Revert "cookies: extend domain checks to non psl builds"

This reverts commit 3773de378d48b06c09931e44dca4d274d0bfdce0.

Regression shipped in 7.64.0
Fixes #3649

cookies: extend domain checks to non psl builds

Ensure to perform the checks we have to enforce a sane domain in
the cookie request. The check for non-PSL enabled builds is quite
bas

cookies: extend domain checks to non psl builds

Ensure to perform the checks we have to enforce a sane domain in
the cookie request. The check for non-PSL enabled builds is quite
basic but it's better than nothing.

Closes #2964
Reviewed-by: Daniel Stenberg <daniel@haxx.se>

show more ...

cookies: support creation-time attribute for cookies

According to RFC6265 section 5.4, cookies with equal path lengths
SHOULD be sorted by creation-time (earlier first). This adds a

cookies: support creation-time attribute for cookies

According to RFC6265 section 5.4, cookies with equal path lengths
SHOULD be sorted by creation-time (earlier first). This adds a
creation-time record to the cookie struct in order to make cookie
sorting more deterministic. The creation-time is defined as the
order of the cookies in the jar, the first cookie read fro the
jar being the oldest. The creation-time is thus not serialized
into the jar. Also remove the strcmp() matching in the sorting as
there is no lexicographic ordering in RFC6265. Existing tests are
updated to match.

Closes #2524

show more ...

cookies: allow spaces in cookie names, cut of trailing spaces

It turns out Firefox and Chrome both allow spaces in cookie names and
there are sites out there using that.

Turned

cookies: allow spaces in cookie names, cut of trailing spaces

It turns out Firefox and Chrome both allow spaces in cookie names and
there are sites out there using that.

Turned out the code meant to strip off trailing space from cookie names
didn't work. Fixed now.

Test case 8 modified to verify both these changes.

Closes #639

show more ...

cookies: only use full host matches for hosts used as IP address

By not detecting and rejecting domain names for partial literal IP
addresses properly when parsing received HTTP cookies,

cookies: only use full host matches for hosts used as IP address

By not detecting and rejecting domain names for partial literal IP
addresses properly when parsing received HTTP cookies, libcurl can be
fooled to both send cookies to wrong sites and to allow arbitrary sites
to set cookies for others.

CVE-2014-3613

Bug: http://curl.haxx.se/docs/adv_20140910A.html

show more ...

cookies: only consider full path matches

I found a bug which cURL sends cookies to the path not to aim at.
For example:
- cURL sends a request to http://example.fake/hoge/
- serv

cookies: only consider full path matches

I found a bug which cURL sends cookies to the path not to aim at.
For example:
- cURL sends a request to http://example.fake/hoge/
- server returns cookie which with path=/hoge;
the point is there is NOT the '/' end of path string.
- cURL sends a request to http://example.fake/hogege/ with the cookie.

The reason for this old "feature" is because that behavior is what is
described in the original netscape cookie spec:
http://curl.haxx.se/rfc/cookie_spec.html

The current cookie spec (RFC6265) clarifies the situation:
http://tools.ietf.org/html/rfc6265#section-5.2.4

show more ...

Let test 8 work as long as %HOSTIP ends with ".0.0.1"

.. and add a precheck to skip the test otherwise.

cookies with same path length might get sorted in different order when
using different qsort implementations. In order to make this test give
same results on different systems, paths now have

cookies with same path length might get sorted in different order when
using different qsort implementations. In order to make this test give
same results on different systems, paths now have different lengths.

show more ...

modified test case 8 to also make sure that we deal with cookies using
identical names but different paths properly

- As was pointed out on the http-state mailing list, the order of cookies in a
HTTP Cookie: header _needs_ to be sorted on the path length in the cases
where two cookies using the same na

- As was pointed out on the http-state mailing list, the order of cookies in a
HTTP Cookie: header _needs_ to be sorted on the path length in the cases
where two cookies using the same name are set more than once using
(overlapping) paths. Realizing this, identically named cookies must be
sorted correctly. But detecting only identically named cookies and take care
of them individually is harder than just to blindly and unconditionally sort
all cookies based on their path lengths. All major browsers also already do
this, so this makes our behavior one step closer to them in the cookie area.

Test case 8 was the only one that broke due to this change and I updated it
accordingly.

show more ...

- Dima Barsky made the curl cookie parser accept cookies even with blank or
unparsable expiry dates and then treat them as session cookies - previously
libcurl would reject cookies with a

- Dima Barsky made the curl cookie parser accept cookies even with blank or
unparsable expiry dates and then treat them as session cookies - previously
libcurl would reject cookies with a date format it couldn't parse. Research
shows that the major browser treat such cookies as session cookies. I
modified test 8 and 31 to verify this.

show more ...

- bug report #2796358 (http://curl.haxx.se/bug/view.cgi?id=2796358) pointed
out that the cookie parser would leak memory when it parses cookies that are
received with domain, path etc set

- bug report #2796358 (http://curl.haxx.se/bug/view.cgi?id=2796358) pointed
out that the cookie parser would leak memory when it parses cookies that are
received with domain, path etc set multiple times in the same header. While
such a cookie is questionable, they occur in the wild and libcurl no longer
leaks memory for them. I added such a header to test case 8.

show more ...

Replaced 127.0.0.1 with %HOSTIP where possible

Convert (most of) the test data files into genuine XML. A handful still
are not, due mainly to the lack of support for XML character entities
(e.g. & => &amp; ). This will make it easier to

Convert (most of) the test data files into genuine XML. A handful still
are not, due mainly to the lack of support for XML character entities
(e.g. & => &amp; ). This will make it easier to validate test files using
tools like xmllint, as well as edit and view them using XML tools.

show more ...

Ates Goral pointed out that libcurl's cookie parser did case insensitive
string comparisons on the path which is incorrect and provided a patch that
fixes this. I edited test case 8 to includ

Ates Goral pointed out that libcurl's cookie parser did case insensitive
string comparisons on the path which is incorrect and provided a patch that
fixes this. I edited test case 8 to include details that test for this.

show more ...

Modified the default HTTP headers used by libcurl:

A) Normal non-proxy HTTP:

- no more "Pragma: no-cache" (this only makes sense to proxies)

B) Non-CONNECT HTTP request ov

Modified the default HTTP headers used by libcurl:

A) Normal non-proxy HTTP:

- no more "Pragma: no-cache" (this only makes sense to proxies)

B) Non-CONNECT HTTP request over proxy:

- "Pragma: no-cache" is used (like before)
- "Proxy-Connection: Keep-alive" (for older style 1.0-proxies)

C) CONNECT HTTP request over proxy:

- "Host: [name]:[port]"
- "Proxy-Connection: Keep-alive"

show more ...