http-cookie 1.0.2 → 1.0.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 633adcbc5625bcf9d8c1509b9480d955f3107a06
-  data.tar.gz: 17c8fefbe45bb8429d3c533a1338bf4cec02345e
+SHA256:
+  metadata.gz: 5230b0bd44e032652855e7b9e60e3d994ca56adbd57550c7520930d4dbf734a4
+  data.tar.gz: 65240197f49ac57bac8c6f3d1104cfe4f8fff77e1ac992c05c72d74efbba8300
 SHA512:
-  metadata.gz: 190e3fc5a0a658b73a9fc6c0e43937b6fd9fdebb9b6d92e09edd51c24209fbd2fb61e9ea49eb29621f2fefeb1ec5095779deded65c343f2f0c52c4f53c1e0b76
-  data.tar.gz: 96627fd5e6617b71c0b5dadf08e918169aabeda0c9ebf0f3a3d1d3d4c920b3999637f61009f4d531ddb588178bd6f0e26529b9ee49bf1808374971b7337a69f3
+  metadata.gz: 7fc5bb2e287d60d060c54eb9fb9ccb6d55c55e84ec35525deff8c088c873d6ac26db86f7f1cf3c03a7cbf05e397b6cd0e3a1e1171c2dcff8848e0345a34b0905
+  data.tar.gz: 1c85e07a65fac1d5440126bea27dbc01160edc9a791f56e021cd3142070eada54bf1ec3cda31c9d9273f23c3a84c8786c308bcdd27e03f7266c203dde4abdd6f

data/.github/workflows/ci.yml

@@ -0,0 +1,37 @@
+name: CI
+
+on:
+  push:
+    branches:
+      - master
+  pull_request:
+    branches:
+      - "*"
+
+jobs:
+  test:
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ubuntu]
+        # We still kind of support Ruby 1.8.7
+        ruby: [2.7, "3.0", 3.1, head, jruby]
+
+    name: >-
+      ${{matrix.os}}:ruby-${{matrix.ruby}}
+    runs-on: ${{matrix.os}}-latest
+    continue-on-error: ${{matrix.ruby == 'head' || matrix.ruby == 'jruby'}}
+
+    steps:
+      - name: Check out
+        uses: actions/checkout@v2
+
+      - name: Set up ruby and bundle
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: ${{matrix.ruby}}
+          bundler-cache: true
+
+      - name: Run rake
+        run: |
+          bundle exec rake

data/CHANGELOG.md

@@ -1,3 +1,20 @@
+## 1.0.5 (2022-05-25)
+
+- Silence SQLite3 warnings
+
+## 1.0.4 (2021-06-07)
+
+- Support Mozilla's cookie storage format up to version 7.
+
+- Fix the time representation with creationTime and lastAccessed in
+  MozillaStore. (#8)
+
+## 1.0.3 (2016-09-30)
+
+- Treat comma as normal character in HTTP::Cookie.cookie_value_to_hash
+  instead of key-value pair separator.  This should fix the problem
+  described in CVE-2016-7401.
+
 ## 1.0.2 (2013-09-10)
 
   - Fix HTTP::Cookie.parse so that it does not raise ArgumentError

data/http-cookie.gemspec

@@ -25,10 +25,11 @@ Gem::Specification.new do |gem|
   gem.extra_rdoc_files = ['README.md', 'LICENSE.txt']
 
   gem.add_runtime_dependency("domain_name", ["~> 0.5"])
-  gem.add_development_dependency("sqlite3", ["~> 1.3.3"]) unless defined?(JRUBY_VERSION)
+  gem.add_development_dependency("sqlite3", ["~> 1.3"]) unless defined?(JRUBY_VERSION)
   gem.add_development_dependency("bundler", [">= 1.2.0"])
-  gem.add_development_dependency("test-unit", [">= 2.4.3"])
-  gem.add_development_dependency("rake", [">= 0.9.2.2"])
-  gem.add_development_dependency("rdoc", ["> 2.4.2"])
+  gem.add_development_dependency("test-unit", [">= 2.4.3", *("< 3" if RUBY_VERSION < "1.9")])
+  gem.add_development_dependency("rake", [">= 0.9.2.2", *("< 11" if RUBY_VERSION < "1.9")])
+  gem.add_development_dependency("rdoc", RUBY_VERSION > "1.9" ? "> 2.4.2" : "~> 2.4.2")
   gem.add_development_dependency("simplecov", [">= 0"])
+  gem.add_development_dependency("json", ["< 2"]) if RUBY_VERSION < "2.0"
 end

data/lib/http/cookie/scanner.rb

@@ -50,7 +50,7 @@ class HTTP::Cookie::Scanner < StringScanner
     }
   end
 
-  def scan_value
+  def scan_value(comma_as_separator = false)
     ''.tap { |s|
       case
       when scan(/[^,;"]+/)
@@ -59,7 +59,9 @@ class HTTP::Cookie::Scanner < StringScanner
         # RFC 6265 2.2
         # A cookie-value may be DQUOTE'd.
         s << scan_dquoted
-      when check(/;|#{RE_COOKIE_COMMA}/o)
+      when check(/;/)
+        break
+      when comma_as_separator && check(RE_COOKIE_COMMA)
         break
       else
         s << getch
@@ -68,12 +70,12 @@ class HTTP::Cookie::Scanner < StringScanner
     }
   end
 
-  def scan_name_value
+  def scan_name_value(comma_as_separator = false)
     name = scan_name
     if skip(/\=/)
-      value = scan_value
+      value = scan_value(comma_as_separator)
     else
-      scan_value
+      scan_value(comma_as_separator)
       value = nil
     end
     [name, value]
@@ -159,7 +161,7 @@ class HTTP::Cookie::Scanner < StringScanner
 
       skip_wsp
 
-      name, value = scan_name_value
+      name, value = scan_name_value(true)
       if value.nil?
         @logger.warn("Cookie definition lacks a name-value pair.") if @logger
       elsif name.empty?
@@ -176,7 +178,7 @@ class HTTP::Cookie::Scanner < StringScanner
         break
       when skip(/;/)
         skip_wsp
-        aname, avalue = scan_name_value
+        aname, avalue = scan_name_value(true)
         next if aname.empty? || value.nil?
         aname.downcase!
         case aname
@@ -218,13 +220,12 @@ class HTTP::Cookie::Scanner < StringScanner
     until eos?
       skip_wsp
 
-      name, value = scan_name_value
+      # Do not treat comma in a Cookie header value as separator; see CVE-2016-7401
+      name, value = scan_name_value(false)
 
       yield name, value if value
 
-      # The comma is used as separator for concatenating multiple
-      # values of a header.
-      skip(/[;,]/)
+      skip(/;/)
     end
   end
 end

data/lib/http/cookie/version.rb

@@ -1,5 +1,5 @@
 module HTTP
   class Cookie
-    VERSION = "1.0.2"
+    VERSION = "1.0.5"
   end
 end

data/lib/http/cookie.rb

@@ -128,7 +128,7 @@ class HTTP::Cookie
   #     new("name" => "uid", "value" => "a12345", "Domain" => 'www.example.org')
   #
   def initialize(*args)
-    @origin = @domain = @path =
+    @name = @origin = @domain = @path =
       @expires = @max_age = nil
     @for_domain = @secure = @httponly = false
     @session = true

data/lib/http/cookie_jar/abstract_store.rb

@@ -17,8 +17,8 @@ class HTTP::CookieJar::AbstractStore
       begin
         require 'http/cookie_jar/%s_store' % symbol
         @@class_map.fetch(symbol)
-      rescue LoadError, IndexError
-        raise IndexError, 'cookie store unavailable: %s' % symbol.inspect
+      rescue LoadError, IndexError => e
+        raise IndexError, 'cookie store unavailable: %s, error: %s' % symbol.inspect, e.message
       end
     end
 

data/lib/http/cookie_jar/hash_store.rb

@@ -67,10 +67,8 @@ class HTTP::CookieJar
     def each(uri = nil) # :yield: cookie
       now = Time.now
       if uri
-        thost = DomainName.new(uri.host)
         tpath = uri.path
         @jar.each { |domain, paths|
-          next unless thost.cookie_domain?(domain)
           paths.each { |path, hash|
             next unless HTTP::Cookie.path_match?(path, tpath)
             hash.delete_if { |name, cookie|

data/lib/http/cookie_jar/mozilla_store.rb

@@ -10,7 +10,7 @@ class HTTP::CookieJar
   # stored persistently in the SQLite3 database.
   class MozillaStore < AbstractStore
     # :stopdoc:
-    SCHEMA_VERSION = 5
+    SCHEMA_VERSION = 7
 
     def default_options
       {
@@ -22,14 +22,11 @@ class HTTP::CookieJar
 
     ALL_COLUMNS = %w[
       baseDomain
-      appId inBrowserElement
+      originAttributes
       name value
       host path
       expiry creationTime lastAccessed
       isSecure isHttpOnly
-    ]
-    UK_COLUMNS = %w[
-      name host path
       appId inBrowserElement
     ]
 
@@ -95,6 +92,11 @@ class HTTP::CookieJar
     def initialize(options = nil)
       super
 
+      @origin_attributes = encode_www_form({}.tap { |params|
+        params['appId'] = @app_id if @app_id.nonzero?
+        params['inBrowserElement'] = 1 if @in_browser_element
+      })
+
       @filename = options[:filename] or raise ArgumentError, ':filename option is missing'
 
       @sjar = HTTP::CookieJar::HashStore.new
@@ -134,7 +136,7 @@ class HTTP::CookieJar
 
     # Returns the schema version of the database.
     def schema_version
-      @schema_version ||= @db.execute("PRAGMA user_version").first[0]
+      @schema_version ||= @db.execute("PRAGMA user_version").first["user_version"]
     rescue SQLite3::SQLException
       @logger.warn "couldn't get schema version!" if @logger
       return nil
@@ -147,8 +149,8 @@ class HTTP::CookieJar
       @schema_version = version
     end
 
-    def create_table
-      self.schema_version = SCHEMA_VERSION
+    def create_table_v5
+      self.schema_version = 5
       @db.execute("DROP TABLE IF EXISTS moz_cookies")
       @db.execute(<<-'SQL')
                    CREATE TABLE moz_cookies (
@@ -176,6 +178,62 @@ class HTTP::CookieJar
       SQL
     end
 
+    def create_table_v6
+      self.schema_version = 6
+      @db.execute("DROP TABLE IF EXISTS moz_cookies")
+      @db.execute(<<-'SQL')
+                   CREATE TABLE moz_cookies (
+                     id INTEGER PRIMARY KEY,
+                     baseDomain TEXT,
+                     originAttributes TEXT NOT NULL DEFAULT '',
+                     name TEXT,
+                     value TEXT,
+                     host TEXT,
+                     path TEXT,
+                     expiry INTEGER,
+                     lastAccessed INTEGER,
+                     creationTime INTEGER,
+                     isSecure INTEGER,
+                     isHttpOnly INTEGER,
+                     CONSTRAINT moz_uniqueid UNIQUE (name, host, path, originAttributes)
+                   )
+      SQL
+      @db.execute(<<-'SQL')
+                   CREATE INDEX moz_basedomain
+                     ON moz_cookies (baseDomain,
+                                     originAttributes);
+      SQL
+    end
+
+    def create_table
+      self.schema_version = SCHEMA_VERSION
+      @db.execute("DROP TABLE IF EXISTS moz_cookies")
+      @db.execute(<<-'SQL')
+                   CREATE TABLE moz_cookies (
+                     id INTEGER PRIMARY KEY,
+                     baseDomain TEXT,
+                     originAttributes TEXT NOT NULL DEFAULT '',
+                     name TEXT,
+                     value TEXT,
+                     host TEXT,
+                     path TEXT,
+                     expiry INTEGER,
+                     lastAccessed INTEGER,
+                     creationTime INTEGER,
+                     isSecure INTEGER,
+                     isHttpOnly INTEGER,
+                     appId INTEGER DEFAULT 0,
+                     inBrowserElement INTEGER DEFAULT 0,
+                     CONSTRAINT moz_uniqueid UNIQUE (name, host, path, originAttributes)
+                   )
+      SQL
+      @db.execute(<<-'SQL')
+                   CREATE INDEX moz_basedomain
+                     ON moz_cookies (baseDomain,
+                                     originAttributes);
+      SQL
+    end
+
     def db_prepare(sql)
       st = @db.prepare(sql)
       yield st
@@ -226,7 +284,7 @@ class HTTP::CookieJar
         when 4
           @db.execute("ALTER TABLE moz_cookies RENAME TO moz_cookies_old")
           @db.execute("DROP INDEX moz_basedomain")
-          create_table
+          create_table_v5
           @db.execute(<<-'SQL')
                        INSERT INTO moz_cookies
                          (baseDomain, appId, inBrowserElement, name, value, host, path, expiry,
@@ -236,7 +294,42 @@ class HTTP::CookieJar
                            FROM moz_cookies_old
           SQL
           @db.execute("DROP TABLE moz_cookies_old")
+        when 5
+          @db.execute("ALTER TABLE moz_cookies RENAME TO moz_cookies_old")
+          @db.execute("DROP INDEX moz_basedomain")
+          create_table_v6
+          @db.create_function('CONVERT_TO_ORIGIN_ATTRIBUTES', 2) { |func, appId, inBrowserElement|
+            params = {}
+            params['appId'] = appId if appId.nonzero?
+            params['inBrowserElement'] = inBrowserElement if inBrowserElement.nonzero?
+            func.result = encode_www_form(params)
+          }
+          @db.execute(<<-'SQL')
+                       INSERT INTO moz_cookies
+                         (baseDomain, originAttributes, name, value, host, path, expiry,
+                          lastAccessed, creationTime, isSecure, isHttpOnly)
+                         SELECT baseDomain,
+                                CONVERT_TO_ORIGIN_ATTRIBUTES(appId, inBrowserElement),
+                                name, value, host, path, expiry, lastAccessed, creationTime,
+                                isSecure, isHttpOnly
+                           FROM moz_cookies_old
+          SQL
+          @db.execute("DROP TABLE moz_cookies_old")
+        when 6
+          @db.execute("ALTER TABLE moz_cookies ADD appId INTEGER DEFAULT 0")
+          @db.execute("ALTER TABLE moz_cookies ADD inBrowserElement INTEGER DEFAULT 0")
+          @db.create_function('SET_APP_ID', 1) { |func, originAttributes|
+            func.result = get_query_param(originAttributes, 'appId').to_i  # nil.to_i == 0
+          }
+          @db.create_function('SET_IN_BROWSER', 1) { |func, originAttributes|
+            func.result = get_query_param(originAttributes, 'inBrowserElement').to_i  # nil.to_i == 0
+          }
+          @db.execute(<<-'SQL')
+                       UPDATE moz_cookies SET appId = SET_APP_ID(originAttributes),
+                                              inBrowserElement = SET_IN_BROWSER(originAttributes)
+          SQL
           @logger.info("Upgraded database to schema version %d" % schema_version) if @logger
+          self.schema_version += 1
         else
           break
         end
@@ -259,16 +352,17 @@ class HTTP::CookieJar
     def db_add(cookie)
       @stmt[:add].execute({
           :baseDomain => cookie.domain_name.domain || cookie.domain,
-          :appId => @app_id,
-          :inBrowserElement => @in_browser_element ? 1 : 0,
+          :originAttributes => @origin_attributes,
           :name => cookie.name, :value => cookie.value,
           :host => cookie.dot_domain,
           :path => cookie.path,
           :expiry => cookie.expires_at.to_i,
-          :creationTime => cookie.created_at.to_i,
-          :lastAccessed => cookie.accessed_at.to_i,
+          :creationTime => serialize_usectime(cookie.created_at),
+          :lastAccessed => serialize_usectime(cookie.accessed_at),
           :isSecure => cookie.secure? ? 1 : 0,
           :isHttpOnly => cookie.httponly? ? 1 : 0,
+          :appId => @app_id,
+          :inBrowserElement => @in_browser_element ? 1 : 0,
         })
       cleanup if (@gc_index += 1) >= @gc_threshold
 
@@ -295,6 +389,36 @@ class HTTP::CookieJar
       self
     end
 
+    if RUBY_VERSION >= '1.9'
+      def encode_www_form(enum)
+        URI.encode_www_form(enum)
+      end
+
+      def get_query_param(str, key)
+        URI.decode_www_form(str).find { |k, v|
+          break v if k == key
+        }
+      end
+    else
+      require 'cgi'
+
+      def encode_www_form(enum)
+        enum.map { |k, v| "#{CGI.escape(k)}=#{CGI.escape(v)}" }.join('&')
+      end
+
+      def get_query_param(str, key)
+        CGI.parse(str)[key].first
+      end
+    end
+
+    def serialize_usectime(time)
+      time ? (time.to_f * 1e6).floor : 0
+    end
+
+    def deserialize_usectime(value)
+      Time.at(value ? value / 1e6 : 0)
+    end
+
     public
 
     def add(cookie)
@@ -337,7 +461,6 @@ class HTTP::CookieJar
       now = Time.now
       if uri
         thost = DomainName.new(uri.host)
-        tpath = uri.path
 
         @stmt[:cookies_for_domain].execute({
             :baseDomain => thost.domain || thost.hostname,
@@ -355,8 +478,8 @@ class HTTP::CookieJar
               attrs[:domain]      = row['host']
               attrs[:path]        = row['path']
               attrs[:expires_at]  = Time.at(row['expiry'])
-              attrs[:accessed_at] = Time.at(row['lastAccessed'] || 0)
-              attrs[:created_at]  = Time.at(row['creationTime'] || 0)
+              attrs[:accessed_at] = deserialize_usectime(row['lastAccessed'])
+              attrs[:created_at]  = deserialize_usectime(row['creationTime'])
               attrs[:secure]      = secure
               attrs[:httponly]    = row['isHttpOnly'] != 0
             })
@@ -364,7 +487,7 @@ class HTTP::CookieJar
           if cookie.valid_for_uri?(uri)
             cookie.accessed_at = now
             @stmt[:update_lastaccessed].execute({
-                'lastAccessed' => now.to_i,
+                'lastAccessed' => serialize_usectime(now),
                 'id' => row['id'],
               })
             yield cookie
@@ -383,8 +506,8 @@ class HTTP::CookieJar
               attrs[:domain]      = row['host']
               attrs[:path]        = row['path']
               attrs[:expires_at]  = Time.at(row['expiry'])
-              attrs[:accessed_at] = Time.at(row['lastAccessed'] || 0)
-              attrs[:created_at]  = Time.at(row['creationTime'] || 0)
+              attrs[:accessed_at] = deserialize_usectime(row['lastAccessed'])
+              attrs[:created_at]  = deserialize_usectime(row['creationTime'])
               attrs[:secure]      = row['isSecure'] != 0
               attrs[:httponly]    = row['isHttpOnly'] != 0
             })

data/lib/http/cookie_jar/yaml_saver.rb

@@ -21,7 +21,7 @@ class HTTP::CookieJar::YAMLSaver < HTTP::CookieJar::AbstractSaver
 
   def load(io, jar)
     begin
-      data = YAML.load(io)
+      data = load_yaml(io)
     rescue ArgumentError => e
       case e.message
       when %r{\Aundefined class/module Mechanize::}
@@ -31,7 +31,7 @@ class HTTP::CookieJar::YAMLSaver < HTTP::CookieJar::AbstractSaver
           yaml = io.read
           # a gross hack
           yaml.gsub!(%r{^(    [^ ].*:) !ruby/object:Mechanize::Cookie$}, "\\1")
-          data = YAML.load(yaml)
+          data = load_yaml(yaml)
         rescue Errno::ESPIPE
           @logger.warn "could not rewind the stream for conversion" if @logger
         rescue ArgumentError
@@ -73,4 +73,14 @@ class HTTP::CookieJar::YAMLSaver < HTTP::CookieJar::AbstractSaver
   def default_options
     {}
   end
+
+  if YAML.name == 'Psych' && Psych::VERSION >= '3.1'
+    def load_yaml(yaml)
+      YAML.safe_load(yaml, :permitted_classes => %w[Time HTTP::Cookie Mechanize::Cookie DomainName], :aliases => true)
+    end
+  else
+    def load_yaml(yaml)
+      YAML.load(yaml)
+    end
+  end
 end

data/test/test_http_cookie.rb

@@ -1,5 +1,7 @@
 # -*- coding: utf-8 -*-
 require File.expand_path('helper', File.dirname(__FILE__))
+require 'psych' if !defined?(YAML) && RUBY_VERSION == "1.9.2"
+require 'yaml'
 
 class TestHTTPCookie < Test::Unit::TestCase
   def setup
@@ -441,17 +443,28 @@ class TestHTTPCookie < Test::Unit::TestCase
       ['Bar', 'value 2'],
       ['Baz', 'value3'],
       ['Bar', 'value"4'],
+      ['Quux', 'x, value=5'],
     ]
 
     cookie_value = HTTP::Cookie.cookie_value(pairs.map { |name, value|
         HTTP::Cookie.new(:name => name, :value => value)
       })
 
-    assert_equal 'Foo=value1; Bar="value 2"; Baz=value3; Bar="value\\"4"', cookie_value
+    assert_equal 'Foo=value1; Bar="value 2"; Baz=value3; Bar="value\\"4"; Quux="x, value=5"', cookie_value
 
     hash = HTTP::Cookie.cookie_value_to_hash(cookie_value)
 
-    assert_equal 3, hash.size
+    assert_equal pairs.map(&:first).uniq.size, hash.size
+
+    hash.each_pair { |name, value|
+      _, pvalue = pairs.assoc(name)
+      assert_equal pvalue, value
+    }
+
+    # Do not treat comma in a Cookie header value as separator; see CVE-2016-7401
+    hash = HTTP::Cookie.cookie_value_to_hash('Quux=x, value=5; Foo=value1; Bar="value 2"; Baz=value3; Bar="value\\"4"')
+
+    assert_equal pairs.map(&:first).uniq.size, hash.size
 
     hash.each_pair { |name, value|
       _, pvalue = pairs.assoc(name)
@@ -1062,6 +1075,16 @@ class TestHTTPCookie < Test::Unit::TestCase
     }
   end
 
+  if YAML.name == 'Psych' && Psych::VERSION >= '3.1'
+    private def load_yaml(yaml)
+      YAML.safe_load(yaml, :permitted_classes => %w[Time HTTP::Cookie Mechanize::Cookie DomainName], :aliases => true)
+    end
+  else
+    private def load_yaml(yaml)
+      YAML.load(yaml)
+    end
+  end
+
   def test_yaml_expires
     require 'yaml'
     cookie = HTTP::Cookie.new(cookie_values)
@@ -1069,29 +1092,29 @@ class TestHTTPCookie < Test::Unit::TestCase
     assert_equal false, cookie.session?
     assert_equal nil, cookie.max_age
 
-    ycookie = YAML.load(cookie.to_yaml)
+    ycookie = load_yaml(cookie.to_yaml)
     assert_equal false, ycookie.session?
     assert_equal nil, ycookie.max_age
     assert_in_delta cookie.expires, ycookie.expires, 1
 
     cookie.expires = nil
-    ycookie = YAML.load(cookie.to_yaml)
+    ycookie = load_yaml(cookie.to_yaml)
     assert_equal true, ycookie.session?
     assert_equal nil, ycookie.max_age
 
     cookie.expires = Time.now + 3600
-    ycookie = YAML.load(cookie.to_yaml)
+    ycookie = load_yaml(cookie.to_yaml)
     assert_equal false, ycookie.session?
     assert_equal nil, ycookie.max_age
     assert_in_delta cookie.expires, ycookie.expires, 1
 
     cookie.max_age = 3600
-    ycookie = YAML.load(cookie.to_yaml)
+    ycookie = load_yaml(cookie.to_yaml)
     assert_equal false, ycookie.session?
     assert_in_delta cookie.created_at + 3600, ycookie.expires, 1
 
     cookie.max_age = nil
-    ycookie = YAML.load(cookie.to_yaml)
+    ycookie = load_yaml(cookie.to_yaml)
     assert_equal true, ycookie.session?
     assert_equal nil, ycookie.expires
   end

data/test/test_http_cookie_jar.rb

@@ -20,11 +20,7 @@ module TestHTTPCookieJar
         assert_raises(NameError) {
           HTTP::CookieJar::ErroneousStore
         }
-        if RUBY_VERSION >= "1.9"
-          assert_includes $LOADED_FEATURES, rb
-        else
-          assert_includes $LOADED_FEATURES, rb[(dir.size + 1)..-1]
-        end
+        assert($LOADED_FEATURES.any? { |file| FileTest.identical?(file, rb) })
       }
     end
 
@@ -45,11 +41,7 @@ module TestHTTPCookieJar
         assert_raises(NameError) {
           HTTP::CookieJar::ErroneousSaver
         }
-        if RUBY_VERSION >= "1.9"
-          assert_includes $LOADED_FEATURES, rb
-        else
-          assert_includes $LOADED_FEATURES, rb[(dir.size + 1)..-1]
-        end
+        assert($LOADED_FEATURES.any? { |file| FileTest.identical?(file, rb) })
       }
     end
   end
@@ -139,6 +131,17 @@ module TestHTTPCookieJar
       assert_equal(0, @jar.cookies(URI('http://www.rubyforge.org/')).length)
     end
 
+    def test_host_only_with_unqualified_hostname
+      @jar.add(HTTP::Cookie.new(cookie_values(
+        :origin => 'http://localhost/', :domain => 'localhost', :for_domain => false)))
+
+      assert_equal(1, @jar.cookies(URI('http://localhost/')).length)
+
+      assert_equal(1, @jar.cookies(URI('http://Localhost/')).length)
+
+      assert_equal(1, @jar.cookies(URI('https://Localhost/')).length)
+    end
+
     def test_empty_value
       url = URI 'http://rubyforge.org/'
       values = cookie_values(:value => "")

metadata

@@ -1,114 +1,114 @@
 --- !ruby/object:Gem::Specification
 name: http-cookie
 version: !ruby/object:Gem::Version
-  version: 1.0.2
+  version: 1.0.5
 platform: ruby
 authors:
 - Akinori MUSHA
 - Aaron Patterson
 - Eric Hodel
 - Mike Dalessio
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2013-09-10 00:00:00.000000000 Z
+date: 2022-05-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: domain_name
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '0.5'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '0.5'
 - !ruby/object:Gem::Dependency
   name: sqlite3
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.3.3
+        version: '1.3'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.3.3
+        version: '1.3'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: 1.2.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: 1.2.0
 - !ruby/object:Gem::Dependency
   name: test-unit
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: 2.4.3
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: 2.4.3
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: 0.9.2.2
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: 0.9.2.2
 - !ruby/object:Gem::Dependency
   name: rdoc
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>'
+    - - ">"
       - !ruby/object:Gem::Version
         version: 2.4.2
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>'
+    - - ">"
       - !ruby/object:Gem::Version
         version: 2.4.2
 - !ruby/object:Gem::Dependency
   name: simplecov
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 description: HTTP::Cookie is a Ruby library to handle HTTP Cookies based on RFC 6265.  It
@@ -127,8 +127,8 @@ extra_rdoc_files:
 - README.md
 - LICENSE.txt
 files:
-- .gitignore
-- .travis.yml
+- ".github/workflows/ci.yml"
+- ".gitignore"
 - CHANGELOG.md
 - Gemfile
 - LICENSE.txt
@@ -156,24 +156,23 @@ homepage: https://github.com/sparklemotion/http-cookie
 licenses:
 - MIT
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.0.3
-signing_key: 
+rubygems_version: 3.3.14
+signing_key:
 specification_version: 4
 summary: A Ruby library to handle HTTP Cookies based on RFC 6265
 test_files:

data/.travis.yml

@@ -1,17 +0,0 @@
-language: ruby
-rvm:
-  - 1.8.7
-  - ree
-  - 1.9.3
-  - 2.0.0
-  - ruby-head
-  - jruby-18mode
-  - jruby-19mode
-  - jruby-head
-  - rbx-18mode
-  - rbx-19mode
-matrix:
-  allow_failures:
-    - rvm: ruby-head
-    - rvm: rbx-18mode
-    - rvm: rbx-19mode