#515 Make forgiving vs strict header list parsers.

Author: Tratcher

src/Microsoft.Net.Http.Headers/CookieHeaderParser.cs

@@ -7,11 +7,6 @@ namespace Microsoft.Net.Http.Headers
 {
     internal class CookieHeaderParser : HttpHeaderParser<CookieHeaderValue>
     {
-        // The Cache-Control header is special: It is a header supporting a list of values, but we represent the list
-        // as _one_ instance of CacheControlHeaderValue. I.e we set 'SupportsMultipleValues' to 'true' since it is
-        // OK to have multiple Cache-Control headers in a request/response message. However, after parsing all
-        // Cache-Control headers, only one instance of CacheControlHeaderValue is created (if all headers contain valid
-        // values, otherwise we may have multiple strings containing the invalid values).
         internal CookieHeaderParser(bool supportsMultipleValues)
             : base(supportsMultipleValues)
         {
@@ -49,14 +44,11 @@ public sealed override bool TryParseValue(string value, ref int index, out Cooki
             }
 
             CookieHeaderValue result = null;
-            int length = CookieHeaderValue.GetCookieLength(value, current, out result);
-
-            if (length == 0)
+            if (!CookieHeaderValue.TryGetCookieLength(value, ref current, out result))
             {
                 return false;
             }
 
-            current = current + length;
             current = GetNextNonEmptyOrWhitespaceIndex(value, current, SupportsMultipleValues, out separatorFound);
 
             // If we support multiple values and we've not reached the end of the string, then we must have a separator.
@@ -91,6 +83,7 @@ private static int GetNextNonEmptyOrWhitespaceIndex(string input, int startIndex
 
             if (skipEmptyValues)
             {
+                // Most headers only split on ',', but cookies primarily split on ';'
                 while ((current < input.Length) && ((input[current] == ',') || (input[current] == ';')))
                 {
                     current++; // skip delimiter.

src/Microsoft.Net.Http.Headers/CookieHeaderValue.cs

@@ -107,22 +107,31 @@ public static IList<CookieHeaderValue> ParseList(IList<string> inputs)
             return MultipleValueParser.ParseValues(inputs);
         }
 
+        public static IList<CookieHeaderValue> ParseStrictList(IList<string> inputs)
+        {
+            return MultipleValueParser.ParseStrictValues(inputs);
+        }
+
         public static bool TryParseList(IList<string> inputs, out IList<CookieHeaderValue> parsedValues)
         {
             return MultipleValueParser.TryParseValues(inputs, out parsedValues);
         }
 
+        public static bool TryParseStrictList(IList<string> inputs, out IList<CookieHeaderValue> parsedValues)
+        {
+            return MultipleValueParser.TryParseStrictValues(inputs, out parsedValues);
+        }
+
         // name=value; name="value"
-        internal static int GetCookieLength(string input, int startIndex, out CookieHeaderValue parsedValue)
+        internal static bool TryGetCookieLength(string input, ref int offset, out CookieHeaderValue parsedValue)
         {
-            Contract.Requires(startIndex >= 0);
-            var offset = startIndex;
+            Contract.Requires(offset >= 0);
 
             parsedValue = null;
 
             if (string.IsNullOrEmpty(input) || (offset >= input.Length))
             {
-                return 0;
+                return false;
             }
 
             var result = new CookieHeaderValue();
@@ -135,44 +144,41 @@ internal static int GetCookieLength(string input, int startIndex, out CookieHead
             var itemLength = HttpRuleParser.GetTokenLength(input, offset);
             if (itemLength == 0)
             {
-                return 0;
+                return false;
             }
             result._name = input.Substring(offset, itemLength);
             offset += itemLength;
 
             // = (no spaces)
             if (!ReadEqualsSign(input, ref offset))
             {
-                return 0;
+                return false;
             }
 
-            string value;
             // value or "quoted value"
-            itemLength = GetCookieValueLength(input, offset, out value);
             // The value may be empty
-            result._value = input.Substring(offset, itemLength);
-            offset += itemLength;
+            result._value = GetCookieValue(input, ref offset);
 
             parsedValue = result;
-            return offset - startIndex;
+            return true;
         }
 
         // cookie-value      = *cookie-octet / ( DQUOTE* cookie-octet DQUOTE )
         // cookie-octet      = %x21 / %x23-2B / %x2D-3A / %x3C-5B / %x5D-7E
         //                     ; US-ASCII characters excluding CTLs, whitespace DQUOTE, comma, semicolon, and backslash
-        internal static int GetCookieValueLength(string input, int startIndex, out string value)
+        internal static string GetCookieValue(string input, ref int offset)
         {
             Contract.Requires(input != null);
-            Contract.Requires(startIndex >= 0);
-            Contract.Ensures((Contract.Result<int>() >= 0) && (Contract.Result<int>() <= (input.Length - startIndex)));
+            Contract.Requires(offset >= 0);
+            Contract.Ensures((Contract.Result<int>() >= 0) && (Contract.Result<int>() <= (input.Length - offset)));
+
+            var startIndex = offset;
 
-            value = null;
-            if (startIndex >= input.Length)
+            if (offset >= input.Length)
             {
-                return 0;
+                return string.Empty;
             }
             var inQuotes = false;
-            var offset = startIndex;
 
             if (input[offset] == '"')
             {
@@ -195,19 +201,19 @@ internal static int GetCookieValueLength(string input, int startIndex, out strin
             {
                 if (offset == input.Length || input[offset] != '"')
                 {
-                    return 0; // Missing final quote
+                    // Missing final quote
+                    return string.Empty;
                 }
                 offset++;
             }
 
             int length = offset - startIndex;
-            if (length == 0)
+            if (offset > startIndex)
             {
-                return 0;
+                return input.Substring(startIndex, length);
             }
 
-            value = input.Substring(startIndex, length);
-            return length;
+            return string.Empty;
         }
 
         private static bool ReadEqualsSign(string input, ref int offset)
@@ -252,8 +258,9 @@ internal static void CheckValueFormat(string value, string parameterName)
                 throw new ArgumentNullException(nameof(value));
             }
 
-            string temp;
-            if (GetCookieValueLength(value, 0, out temp) != value.Length)
+            var offset = 0;
+            var result = GetCookieValue(value, ref offset);
+            if (result.Length != value.Length)
             {
                 throw new ArgumentException("Invalid cookie value: " + value, parameterName);
             }

src/Microsoft.Net.Http.Headers/EntityTagHeaderValue.cs

@@ -129,11 +129,21 @@ public static IList<EntityTagHeaderValue> ParseList(IList<string> inputs)
             return MultipleValueParser.ParseValues(inputs);
         }
 
+        public static IList<EntityTagHeaderValue> ParseStrictList(IList<string> inputs)
+        {
+            return MultipleValueParser.ParseStrictValues(inputs);
+        }
+
         public static bool TryParseList(IList<string> inputs, out IList<EntityTagHeaderValue> parsedValues)
         {
             return MultipleValueParser.TryParseValues(inputs, out parsedValues);
         }
 
+        public static bool TryParseStrictList(IList<string> inputs, out IList<EntityTagHeaderValue> parsedValues)
+        {
+            return MultipleValueParser.TryParseStrictValues(inputs, out parsedValues);
+        }
+
         internal static int GetEntityTagLength(string input, int startIndex, out EntityTagHeaderValue parsedValue)
         {
             Contract.Requires(startIndex >= 0);

src/Microsoft.Net.Http.Headers/HttpHeaderParser.cs

@@ -39,13 +39,23 @@ public T ParseValue(string value, ref int index)
             T result;
             if (!TryParseValue(value, ref index, out result))
             {
-                throw new FormatException(string.Format(CultureInfo.InvariantCulture, "Invalid value '{0}'.",
-                    value?.Substring(index) ?? "<null>"));
+                throw new FormatException(string.Format(CultureInfo.InvariantCulture,
+                    "The header contains invalid values at index {0}: '{1}'", index, value ?? "<null>"));
             }
             return result;
         }
 
         public virtual bool TryParseValues(IList<string> values, out IList<T> parsedValues)
+        {
+            return TryParseValues(values, strict: false, parsedValues: out parsedValues);
+        }
+
+        public virtual bool TryParseStrictValues(IList<string> values, out IList<T> parsedValues)
+        {
+            return TryParseValues(values, strict: true, parsedValues: out parsedValues);
+        }
+
+        protected virtual bool TryParseValues(IList<string> values, bool strict, out IList<T> parsedValues)
         {
             Contract.Assert(_supportsMultipleValues);
             // If a parser returns an empty list, it means there was no value, but that's valid (e.g. "Accept: "). The caller
@@ -71,10 +81,15 @@ public virtual bool TryParseValues(IList<string> values, out IList<T> parsedValu
                             results.Add(output);
                         }
                     }
-                    else
+                    else if (strict)
                     {
                         return false;
                     }
+                    else
+                    {
+                        // Skip the invalid values and keep trying.
+                        index++;
+                    }
                 }
             }
             if (results.Count > 0)
@@ -85,7 +100,17 @@ public virtual bool TryParseValues(IList<string> values, out IList<T> parsedValu
             return false;
         }
 
-        public IList<T> ParseValues(IList<string> values)
+        public virtual IList<T> ParseValues(IList<string> values)
+        {
+            return ParseValues(values, strict: false);
+        }
+
+        public virtual IList<T> ParseStrictValues(IList<string> values)
+        {
+            return ParseValues(values, strict: true);
+        }
+
+        protected virtual IList<T> ParseValues(IList<string> values, bool strict)
         {
             Contract.Assert(_supportsMultipleValues);
             // If a parser returns an empty list, it means there was no value, but that's valid (e.g. "Accept: "). The caller
@@ -110,10 +135,15 @@ public IList<T> ParseValues(IList<string> values)
                             parsedValues.Add(output);
                         }
                     }
+                    else if (strict)
+                    {
+                        throw new FormatException(string.Format(CultureInfo.InvariantCulture,
+                            "The header contains invalid values at index {0}: '{1}'", index, value));
+                    }
                     else
                     {
-                        throw new FormatException(string.Format(CultureInfo.InvariantCulture, "Invalid values '{0}'.",
-                            value.Substring(index)));
+                        // Skip the invalid values and keep trying.
+                        index++;
                     }
                 }
             }

src/Microsoft.Net.Http.Headers/MediaTypeHeaderValue.cs

@@ -391,11 +391,21 @@ public static IList<MediaTypeHeaderValue> ParseList(IList<string> inputs)
             return MultipleValueParser.ParseValues(inputs);
         }
 
+        public static IList<MediaTypeHeaderValue> ParseStrictList(IList<string> inputs)
+        {
+            return MultipleValueParser.ParseStrictValues(inputs);
+        }
+
         public static bool TryParseList(IList<string> inputs, out IList<MediaTypeHeaderValue> parsedValues)
         {
             return MultipleValueParser.TryParseValues(inputs, out parsedValues);
         }
 
+        public static bool TryParseStrictList(IList<string> inputs, out IList<MediaTypeHeaderValue> parsedValues)
+        {
+            return MultipleValueParser.TryParseStrictValues(inputs, out parsedValues);
+        }
+
         private static int GetMediaTypeLength(string input, int startIndex, out MediaTypeHeaderValue parsedValue)
         {
             Contract.Requires(startIndex >= 0);

src/Microsoft.Net.Http.Headers/NameValueHeaderValue.cs

@@ -158,11 +158,21 @@ public static IList<NameValueHeaderValue> ParseList(IList<string> input)
             return MultipleValueParser.ParseValues(input);
         }
 
+        public static IList<NameValueHeaderValue> ParseStrictList(IList<string> input)
+        {
+            return MultipleValueParser.ParseStrictValues(input);
+        }
+
         public static bool TryParseList(IList<string> input, out IList<NameValueHeaderValue> parsedValues)
         {
             return MultipleValueParser.TryParseValues(input, out parsedValues);
         }
 
+        public static bool TryParseStrictList(IList<string> input, out IList<NameValueHeaderValue> parsedValues)
+        {
+            return MultipleValueParser.TryParseStrictValues(input, out parsedValues);
+        }
+
         public override string ToString()
         {
             if (!string.IsNullOrEmpty(_value))

src/Microsoft.Net.Http.Headers/SetCookieHeaderValue.cs

@@ -156,11 +156,21 @@ public static IList<SetCookieHeaderValue> ParseList(IList<string> inputs)
             return MultipleValueParser.ParseValues(inputs);
         }
 
+        public static IList<SetCookieHeaderValue> ParseStrictList(IList<string> inputs)
+        {
+            return MultipleValueParser.ParseStrictValues(inputs);
+        }
+
         public static bool TryParseList(IList<string> inputs, out IList<SetCookieHeaderValue> parsedValues)
         {
             return MultipleValueParser.TryParseValues(inputs, out parsedValues);
         }
 
+        public static bool TryParseStrictList(IList<string> inputs, out IList<SetCookieHeaderValue> parsedValues)
+        {
+            return MultipleValueParser.TryParseStrictValues(inputs, out parsedValues);
+        }
+
         // name=value; expires=Sun, 06 Nov 1994 08:49:37 GMT; max-age=86400; domain=domain1; path=path1; secure; httponly
         private static int GetSetCookieLength(string input, int startIndex, out SetCookieHeaderValue parsedValue)
         {
@@ -195,12 +205,9 @@ private static int GetSetCookieLength(string input, int startIndex, out SetCooki
                 return 0;
             }
 
-            string value;
             // value or "quoted value"
-            itemLength = CookieHeaderValue.GetCookieValueLength(input, offset, out value);
             // The value may be empty
-            result._value = input.Substring(offset, itemLength);
-            offset += itemLength;
+            result._value = CookieHeaderValue.GetCookieValue(input, ref offset);
 
             // *(';' SP cookie-av)
             while (offset < input.Length)

src/Microsoft.Net.Http.Headers/StringWithQualityHeaderValue.cs

@@ -119,11 +119,21 @@ public static IList<StringWithQualityHeaderValue> ParseList(IList<string> input)
             return MultipleValueParser.ParseValues(input);
         }
 
+        public static IList<StringWithQualityHeaderValue> ParseStrictList(IList<string> input)
+        {
+            return MultipleValueParser.ParseStrictValues(input);
+        }
+
         public static bool TryParseList(IList<string> input, out IList<StringWithQualityHeaderValue> parsedValues)
         {
             return MultipleValueParser.TryParseValues(input, out parsedValues);
         }
 
+        public static bool TryParseStrictList(IList<string> input, out IList<StringWithQualityHeaderValue> parsedValues)
+        {
+            return MultipleValueParser.TryParseStrictValues(input, out parsedValues);
+        }
+
         private static int GetStringWithQualityLength(string input, int startIndex, out StringWithQualityHeaderValue parsedValue)
         {
             Contract.Requires(startIndex >= 0);