Raise ValueError when cookie max-age is not an integer (#2001)

* Raise valueerror when cookie max-age is not an integer
sanic-org · Jan 18, 2021 · 8f4e0ad · 8f4e0ad
1 parent 7028eae
commit 8f4e0ad
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 2 deletions.
diff --git a/sanic/cookies.py b/sanic/cookies.py
@@ -109,7 +109,7 @@ def __setitem__(self, key, value):
         if value is not False:
             if key.lower() == "max-age":
                 if not str(value).isdigit():
-                    value = DEFAULT_MAX_AGE
+                    raise ValueError("Cookie max-age must be an integer")
             elif key.lower() == "expires":
                 if not isinstance(value, datetime):
                     raise TypeError(

diff --git a/tests/test_cookies.py b/tests/test_cookies.py
@@ -162,7 +162,7 @@ def handler(request):
     assert response.cookies["test"] == "pass"
 
 
-@pytest.mark.parametrize("max_age", ["0", 30, 30.0, 30.1, "30", "test"])
+@pytest.mark.parametrize("max_age", ["0", 30, "30"])
 def test_cookie_max_age(app, max_age):
     cookies = {"test": "wait"}
 
@@ -204,6 +204,23 @@ def handler(request):
         assert cookie is None
 
 
+@pytest.mark.parametrize("max_age", [30.0, 30.1, "test"])
+def test_cookie_bad_max_age(app, max_age):
+    cookies = {"test": "wait"}
+
+    @app.get("/")
+    def handler(request):
+        response = text("pass")
+        response.cookies["test"] = "pass"
+        response.cookies["test"]["max-age"] = max_age
+        return response
+
+    request, response = app.test_client.get(
+        "/", cookies=cookies, raw_cookies=True
+    )
+    assert response.status == 500
+
+
 @pytest.mark.parametrize(
     "expires", [datetime.utcnow() + timedelta(seconds=60)]
 )