From 8f4e0ad3c8143f0c2ca415029beecc412aeb8e3d Mon Sep 17 00:00:00 2001
From: Adam Hopkins
Date: Tue, 19 Jan 2021 01:11:39 +0200
Subject: [PATCH] Raise ValueError when cookie max-age is not an integer (#2001)
* Raise valueerror when cookie max-age is not an integer
---
 sanic/cookies.py | 2 +-
 tests/test_cookies.py | 19 ++++++++++++++++++-
 2 files changed, 19 insertions(+), 2 deletions(-)
diff --git a/sanic/cookies.py b/sanic/cookies.py
index ed672fba1a..5387fcc540 100644
--- a/sanic/cookies.py
+++ b/sanic/cookies.py
@@ -109,7 +109,7 @@ def __setitem__(self, key, value):
 if value is not False:
 if key.lower() == "max-age":
 if not str(value).isdigit():
- value = DEFAULT_MAX_AGE
+ raise ValueError("Cookie max-age must be an integer")
 elif key.lower() == "expires":
 if not isinstance(value, datetime):
 raise TypeError(
diff --git a/tests/test_cookies.py b/tests/test_cookies.py
index 1c29c551aa..22ce938730 100644
--- a/tests/test_cookies.py
+++ b/tests/test_cookies.py
@@ -162,7 +162,7 @@ def handler(request):
 assert response.cookies["test"] == "pass"
-@pytest.mark.parametrize("max_age", ["0", 30, 30.0, 30.1, "30", "test"])
+@pytest.mark.parametrize("max_age", ["0", 30, "30"])
 def test_cookie_max_age(app, max_age):
 cookies = {"test": "wait"}
@@ -204,6 +204,23 @@ def handler(request):
 assert cookie is None
+@pytest.mark.parametrize("max_age", [30.0, 30.1, "test"])
+def test_cookie_bad_max_age(app, max_age):
+ cookies = {"test": "wait"}
+
+ @app.get("/")
+ def handler(request):
+ response = text("pass")
+ response.cookies["test"] = "pass"
+ response.cookies["test"]["max-age"] = max_age
+ return response
+
+ request, response = app.test_client.get(
+ "/", cookies=cookies, raw_cookies=True
+ )
+ assert response.status == 500
+
+
 @pytest.mark.parametrize(
 "expires", [datetime.utcnow() + timedelta(seconds=60)]
 )
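Review bot: The `str(value).isdigit()` guard in the max-age branch does not match the new error message: it is true for non-ASCII digit characters such as `"²"` or `"٣"`, and false for negative integers such as `-1`, which are then reported as not being an integer. If the value is later written into the Set-Cookie header unchanged (not visible in this hunk), a non-ASCII string would end up in the Max-Age attribute. Assuming the supported Python floor has `str.isascii()`, I would tighten the guard to `if not (str(value).isascii() and str(value).isdigit()):` and word the message as `"Cookie max-age must be a non-negative integer"`. Handlers that relied on the old silent fallback now fail with an exception, so the change deserves a changelog entry. `__setitem__` starts and ends outside the hunk.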
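Review bot: The `assert response.status == 500` in `test_cookie_bad_max_age` passes for any exception raised inside the handler, so it does not pin the failure to the new ValueError from the max-age setter. Wrapping the assignment in `with pytest.raises(ValueError):` on a cookie object built directly in the test would tie the test to the change rather than to the generic error handler. Adding `-1` to the parameters, as in `@pytest.mark.parametrize("max_age", [30.0, 30.1, "test", -1])`, would also document that negative integers are rejected by the `isdigit()` check.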