Re: [Httpunit-develop] Two possible refinements
From: James C. <jco...@bi...> - 2008-08-18 05:53:53
Thank you Russell. I'll take a look at making the specific changes and including unit test code for submission in the next day or two. I trust you want patches generated by something like the following:

svn diff File.java >> patchfile.txt

Best,

Jamey

-----Original Message-----
From: htt...@li... [mailto:htt...@li...] On Behalf Of Russell Gold
Sent: Sunday, August 17, 2008 8:45 PM
To: Discussion of use and development of HttpUnit
Subject: Re: [Httpunit-develop] Two possible refinements

These sound reasonable. Would you be able to code them? Or at least some unit tests that demonstrate the behavior changes you are seeking?

On Aug 17, 2008, at 6:34 PM, James Courtney wrote:

> Hello to all involved in the development of HTTPUnit. I am fairly
> new to the HTTPUnit product and this is my first post to the list
> but I’ve been making use of HTTPUnit this week for an integration
> task I’m performing. During this time I’ve run into two separate
> issues which I think might be worth considering for improvements to
> the HTTPUnit library and I wanted to bring my question to the
> developers as either I’m right and there are some tweaks to be made
> or I’m wrong and need some help understanding some subtleties.
> Both are real possibilities ☺
>
> At any rate, here it goes:
>
>
> ***** ISSUE #1 *****
>
> com.meterware.httpunit.cookies.Cookie:
>
> Line 250 in the acceptHost method uses the following logic when
> validating:
>
>     return hostPattern.equalsIgnoreCase( hostName ) ||
>            (hostPattern.startsWith( "." ) &&
>             hostName.endsWith( hostPattern ));
>
> This logic seems to have a couple of problems:
> 1) In the second part of the comparison case is NOT ignored.
> 2) No consideration is given to the
>    CookieProperties.isDomainMatchingStrict setting
>    - This seems odd since CookieProperties.isPathMatchingStrict is
>      considered in the acceptPath method a few lines earlier and is
>      required to handle certain less than compliant web sites
>      (groups.yahoo.com for example).
> 3) Should the acceptPath method maybe be static as the acceptHost
>    method is?
>
>
> ***** ISSUE #2 *****
>
> com.meterware.httpunit.WebWindow:
>
> Line 383 of the shouldFollowRedirect method compares URLs using
> URL.equals (HashSet search).
> This can result in a somewhat phony loop detection. For example
> groups.yahoo.com redirects to the correct subgroup (like
> tech.groups.yahoo.com) presumably for housekeeping, possible load
> balancing, future modularity, etc. Currently these domains resolve
> to the same IP address which causes the URL.equals to return true.
> Is there any harm here in simply doing a string compare on the URL
> since, with the exception of domain name, that's what's currently
> being done by URL.equals? Sure someone could redirect from domain
> name to domain name with the same IP but how many distinct domain
> names are they likely to come up with. I think the case like what
> Yahoo is doing where a site performs sort of a virtual redirect for
> whatever reason that isn't malicious is more likely. To be more
> secure one could add a maximum size to the redirect set and if X
> redirects are reached terminate.
>
> Additionally, in just above this code block, still in the
> shouldFollowResult method there is a MalformedURLException swallowed
> with no logging. I don't see how this is good behavior as the url,
> possibly malformed, is used in the subsequent code.
>
>
> Thank you all for the consideration of these points.
>
> Best regards,
>
> James Courtney
>
> _______________________________________________
> Httpunit-develop mailing list
> Htt...@li...
> https://lists.sourceforge.net/lists/listinfo/httpunit-develop
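
An added example, not part of the thread and not HttpUnit code, sketching the redirect check proposed under ISSUE #2: visited URLs are compared as text, so no DNS lookup decides equality (java.net.URL.equals treats hosts that resolve to the same IP address as equal), and a cap bounds the length of the chain. The class name RedirectTracker, its methods, the cap of 5 and the sample URLs are assumptions made for illustration.

```java
import java.net.URI;
import java.util.HashSet;
import java.util.Locale;
import java.util.Set;

/** Hypothetical helper, not HttpUnit code: loop detection on URL text plus a hop cap. */
public class RedirectTracker {
    private final int maxRedirects;                   // assumed limit, chosen by the caller
    private final Set<String> seen = new HashSet<>(); // text keys, never java.net.URL objects

    public RedirectTracker(int maxRedirects) {
        this.maxRedirects = maxRedirects;
    }

    /**
     * Builds the comparison key. Scheme and host are lower-cased because they are
     * case-insensitive; path and query are kept as sent. A malformed URL raises
     * IllegalArgumentException here instead of being silently ignored.
     */
    static String key(String url) {
        URI u = URI.create(url).normalize();
        String scheme = u.getScheme() == null ? "" : u.getScheme().toLowerCase(Locale.ROOT);
        String host = u.getHost() == null ? "" : u.getHost().toLowerCase(Locale.ROOT);
        String query = u.getRawQuery() == null ? "" : "?" + u.getRawQuery();
        return scheme + "://" + host + ":" + u.getPort() + u.getRawPath() + query;
    }

    /** Returns true if the redirect may be followed, false on a repeat or once the cap is reached. */
    public boolean shouldFollow(String url) {
        if (seen.size() >= maxRedirects) {
            return false;              // chain too long: stop whatever the target is
        }
        return seen.add(key(url));     // add() returns false when this key was already recorded
    }

    public static void main(String[] args) {
        // Constructed sample chain modelled on the groups.yahoo.com case in the thread.
        String[] chain = {
            "http://groups.yahoo.com/group/example",
            "http://tech.groups.yahoo.com/group/example",  // different host name, same site
            "http://TECH.groups.yahoo.com/group/example",  // differs from the previous URL only in host case
        };
        RedirectTracker tracker = new RedirectTracker(5);
        for (String url : chain) {
            System.out.println(tracker.shouldFollow(url) + "  " + url);
        }
    }
}
```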