Reject $ from cookies. Resolves bitwalker#727

jesseshieh · Apr 27, 2020 · a63df53 · a63df53
1 parent 6700edb
commit a63df53
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/lib/distillery/cookies.ex b/lib/distillery/cookies.ex
@@ -31,7 +31,7 @@ defmodule Distillery.Cookies do
     Stream.unfold(nil, fn _ -> {:crypto.strong_rand_bytes(1), nil} end)
     |> Stream.filter(fn <<b>> -> b >= ?! && b <= ?~ end)
     # special when erlexec parses vm.args
-    |> Stream.reject(fn <<b>> -> b in [?-, ?+, ?', ?\", ?\\, ?\#, ?,] end)
+    |> Stream.reject(fn <<b>> -> b in [?-, ?+, ?', ?\", ?\\, ?\#, ?,, ?$] end)
     |> Enum.take(64)
     |> Enum.join()
     |> String.to_atom()

diff --git a/test/cases/cookies_test.exs b/test/cases/cookies_test.exs
@@ -23,7 +23,7 @@ defmodule Distillery.Test.CookiesTest do
     str = Atom.to_string(x)
     chars = String.to_charlist(str)
 
-    with false <- String.contains?(str, ["-", "+", "'", "\"", "\\", "#", ","]),
+    with false <- String.contains?(str, ["-", "+", "'", "\"", "\\", "#", ",", "$"]),
          false <- Enum.any?(chars, fn b -> not (b >= ?! && b <= ?~) end),
          64 <- byte_size(str) do
       true