From 35b7a138c58fce72f67e4aea8e899d60cacdb9b7 Mon Sep 17 00:00:00 2001 From: Colin Casey Date: Tue, 19 Apr 2022 11:33:45 -0300 Subject: [PATCH] fix: domain match routine The domain match routine can fail in cases where the domain suffix characters can be located in the string before the suffix. Changing the logic to use `lastIndexOf` instead of `indexOf` seems more appropriate for testing the suffix here. --- lib/cookie.js | 2 +- test/domain_and_path_test.js | 4 +++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/lib/cookie.js b/lib/cookie.js index 73af4c8d..37d70ded 100644 --- a/lib/cookie.js +++ b/lib/cookie.js @@ -368,7 +368,7 @@ function domainMatch(str, domStr, canonicalize) { /* " o All of the following [three] conditions hold:" */ /* "* The domain string is a suffix of the string" */ - const idx = str.indexOf(domStr); + const idx = str.lastIndexOf(domStr); if (idx <= 0) { return false; // it's a non-match (-1) or prefix (0) } diff --git a/test/domain_and_path_test.js b/test/domain_and_path_test.js index 4291c5be..cfedfd74 100644 --- a/test/domain_and_path_test.js +++ b/test/domain_and_path_test.js @@ -33,7 +33,6 @@ const vows = require("vows"); const assert = require("assert"); const tough = require("../lib/cookie"); -const Cookie = tough.Cookie; function matchVows(func, table) { const theVows = {}; @@ -105,6 +104,9 @@ vows ["www.aaaa.com", "aaa.com", false], ["www.aaa.com", "aaa.com", true], ["www.aexample.com", "example.com", false], // has to match on "." boundary + ["computer.com", "com", true], // suffix string found at start of domain + ["becoming.com", "com", true], // suffix string found in middle of domain + ["sitcom.com", "com", true], // suffix string found just before the '.' boundary // S5.1.3 "The string is a host name (i.e., not an IP address)" ["192.168.0.1", "168.0.1", false], // because str is an IP (v4)