CookiesTest.java revision 2102bde9d4afc2a7246b62ceaab495a8ec7401f3 
1/*
2 * Copyright (C) 2010 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 *      http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17package android.net.http;
18
19import java.io.ByteArrayOutputStream;
20import java.io.IOException;
21import java.net.URISyntaxException;
22import java.util.logging.Logger;
23import java.util.logging.SimpleFormatter;
24import java.util.logging.StreamHandler;
25import junit.framework.TestCase;
26import org.apache.http.client.HttpClient;
27import org.apache.http.client.methods.HttpGet;
28import org.apache.http.impl.client.DefaultHttpClient;
29import tests.http.MockResponse;
30import tests.http.MockWebServer;
31
32public final class CookiesTest extends TestCase {
33
34    private MockWebServer server = new MockWebServer();
35
36    @Override protected void tearDown() throws Exception {
37        server.shutdown();
38        super.tearDown();
39    }
40
41    /**
42     * Test that we don't log potentially sensitive cookie values.
43     * http://b/3095990
44     */
45    public void testCookiesAreNotLogged() throws IOException, URISyntaxException {
46        // enqueue an HTTP response with a cookie that will be rejected
47        server.enqueue(new MockResponse()
48                .addHeader("Set-Cookie: password=secret; Domain=fake.domain"));
49        server.play();
50
51        ByteArrayOutputStream out = new ByteArrayOutputStream();
52        Logger logger = Logger.getLogger("org.apache.http");
53        StreamHandler handler = new StreamHandler(out, new SimpleFormatter());
54        logger.addHandler(handler);
55        try {
56            HttpClient client = new DefaultHttpClient();
57            client.execute(new HttpGet(server.getUrl("/").toURI()));
58            handler.close();
59
60            String log = out.toString("UTF-8");
61            assertTrue(log, log.contains("password"));
62            assertTrue(log, log.contains("fake.domain"));
63            assertFalse(log, log.contains("secret"));
64
65        } finally {
66            logger.removeHandler(handler);
67        }
68    }
69}
70