Prevents generating cookies that contain commas (#663)

bitwalker · May 16, 2019 · 4776b59 · 4776b59
1 parent 47ac647
commit 4776b59
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/lib/distillery/lib/cookies.ex b/lib/distillery/lib/cookies.ex
@@ -31,7 +31,7 @@ defmodule Distillery.Cookies do
     Stream.unfold(nil, fn _ -> {:crypto.strong_rand_bytes(1), nil} end)
     |> Stream.filter(fn <<b>> -> b >= ?! && b <= ?~ end)
     # special when erlexec parses vm.args
-    |> Stream.reject(fn <<b>> -> b in [?-, ?+, ?', ?\", ?\\, ?\#] end)
+    |> Stream.reject(fn <<b>> -> b in [?-, ?+, ?', ?\", ?\\, ?\#, ?,] end)
     |> Enum.take(64)
     |> Enum.join()
     |> String.to_atom()

diff --git a/test/cases/cookies_test.exs b/test/cases/cookies_test.exs
@@ -23,7 +23,7 @@ defmodule Distillery.Test.CookiesTest do
     str = Atom.to_string(x)
     chars = String.to_charlist(str)
 
-    with false <- String.contains?(str, ["-", "+", "'", "\"", "\\", "#"]),
+    with false <- String.contains?(str, ["-", "+", "'", "\"", "\\", "#", ","]),
          false <- Enum.any?(chars, fn b -> not (b >= ?! && b <= ?~) end),
          64 <- byte_size(str) do
       true