CookiesTest.java revision 2102bde9d4afc2a7246b62ceaab495a8ec7401f3
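/*
 * Copyright (C) 2010 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package android.net.http;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.net.URISyntaxException;
import java.util.logging.Logger;
import java.util.logging.SimpleFormatter;
import java.util.logging.StreamHandler;
import junit.framework.TestCase;
import org.apache.http.client.HttpClient;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.impl.client.DefaultHttpClient;
import tests.http.MockResponse;
import tests.http.MockWebServer;

/**
 * Regression test for cookie handling in the HTTP client: checks that a
 * cookie's value does not reach the {@code org.apache.http} log output.
 */
public final class CookiesTest extends TestCase {

    private final MockWebServer server = new MockWebServer();

    @Override protected void tearDown() throws Exception {
        server.shutdown();
        super.tearDown();
    }

    /**
     * Test that we don't log potentially sensitive cookie values.
     * http://b/3095990
     *
     * <p>The mock server answers with a {@code Set-Cookie} header that the
     * client is expected to reject. Everything the {@code org.apache.http}
     * logger emits during the request is captured in memory and inspected.
     *
     * @throws IOException if the mock server or the HTTP request fails
     * @throws URISyntaxException if the mock server URL is not a valid URI
     */
    public void testCookiesAreNotLogged() throws IOException, URISyntaxException {
        // enqueue an HTTP response with a cookie that will be rejected
        // NOTE(review): presumably rejected because "fake.domain" does not match
        // the mock server's host - confirm against the client's cookie policy.
        server.enqueue(new MockResponse()
                .addHeader("Set-Cookie: password=secret; Domain=fake.domain"));
        server.play();

        HttpClient client = new DefaultHttpClient();

        // Capture the client's log records in memory so they can be asserted on.
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        Logger logger = Logger.getLogger("org.apache.http");
        StreamHandler handler = new StreamHandler(out, new SimpleFormatter());
        logger.addHandler(handler);
        try {
            client.execute(new HttpGet(server.getUrl("/").toURI()));
            // Push buffered records into 'out' before reading it back.
            handler.flush();

            String log = out.toString("UTF-8");
            // Positive controls: the cookie name and domain must appear, which shows
            // the cookie was actually mentioned in the log. Without them the check
            // below would also pass when nothing was logged at all.
            assertTrue(log, log.contains("password"));
            assertTrue(log, log.contains("fake.domain"));
            // The security property under test: the cookie value stays out of the log.
            assertFalse(log, log.contains("secret"));

        } finally {
            // Run the cleanup on every path, including a failed request or assertion,
            // so the handler and the client's connections do not outlive the test.
            logger.removeHandler(handler);
            handler.close();
            client.getConnectionManager().shutdown();
        }
    }
}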