Skip to content

fix(http): relax cookies parser to support HTTP 1.0 and ANSI C timestamp formats#6290

Merged
bluestreak01 merged 5 commits intomasterfrom
copilot/add-relaxed-timestamp-parsing
Oct 31, 2025
Merged

fix(http): relax cookies parser to support HTTP 1.0 and ANSI C timestamp formats#6290
bluestreak01 merged 5 commits intomasterfrom
copilot/add-relaxed-timestamp-parsing

Conversation

Copy link
Copy Markdown
Contributor

Copilot AI commented Oct 21, 2025
edited
Loading

Problem

The HTTP header parser was unable to parse cookie Expires values with 2-digit year formats (HTTP 1.0 era) and ANSI C asctime formats, resulting in errors like:

invalid cookie Expires value [value=Mon, 20-Oct-25 15:57:56 GMT]

While these formats are deprecated in favor of 4-digit years per RFC 2616, some legacy systems still use them in the wild. Per RFC 2616 Section 3.3.1, HTTP clients should support three date formats: RFC 1123, RFC 850, and ANSI C asctime.

Solution

Added new HTTP date format patterns to support legacy date formats:

  1. HTTP 1.0 with 2-digit years: E, d-MMM-yy HH:mm:ss Z
  2. ANSI C asctime format: E MMM dd HH:mm:ss yyyy and E MMM d HH:mm:ss yyyy

The patterns are added as fallback formats after the standard HTTP and Microsoft EntraID formats, ensuring:

  • Backward compatibility: Existing 4-digit year formats are parsed first
  • Automatic year adjustment: 2-digit years are interpreted relative to the current century using the existing adjustYear() method
  • Minimal performance impact: The new patterns are only tried after standard formats fail
  • RFC 2616 compliance: Supports all three recommended HTTP date formats

Changes

  1. MicrosFormatUtils.java: Added HTTP 1.0 and ANSI C date patterns to httpPatterns array
  2. MicrosTest.java: Added unit tests for direct HTTP date parsing with 2-digit years and ANSI C formats
  3. HttpHeaderParserTest.java: Added end-to-end tests for complete cookie parsing flow with both formats

Testing

  • All existing tests pass (80 in MicrosTest, 41 in HttpHeaderParserTest, 250+ date-related tests)
  • New tests verify both direct parsing and end-to-end cookie handling
  • Examples:
    • HTTP 1.0: Mon, 20-Oct-25 15:57:56 GMT correctly parses as October 20, 2025
    • ANSI C: Sun Nov 6 08:49:37 1994 correctly parses as November 6, 1994

Fixes the issue where legitimate but deprecated HTTP cookie dates were being rejected.

Fixes #6289

Original prompt

This section details on the original issue you should resolve

<issue_title>HttpHeaderParser - relaxed timestamp parsing</issue_title>
<issue_description>### Is your feature request related to a problem?

I was this in the wild: invalid cookie Expires value [value=Mon, 20-Oct-25 15:57:56 GMT]

Apparently, this 2-digit year format is an HTTP 1.0-era format. Technically, it should not be used anymore, but apparently some system still uses it. Our cookie handler should be able to parse this format.

Describe the solution you'd like.

Add a new pattern to

questdb/core/src/main/java/io/questdb/std/datetime/microtime/MicrosFormatUtils.java

Lines 381 to 384 in f0ba286

final String[] httpPatterns = new String[]{ // priority sorted
"E, d MMM yyyy HH:mm:ss Z", // HTTP standard
"E, d-MMM-yyyy HH:mm:ss Z" // Microsoft EntraID
};
and write tests

Describe alternatives you've considered.

No response

Full Name:

Jaromir Hamala

Affiliation:

QuestDB

Additional context

No response</issue_description>

Comments on the Issue (you are @copilot in this section)

Fixes #6289

💬 Share your feedback on Copilot coding agent for the chance to win a $200 gift card! Click here to start the survey.

@CLAassistant
Copy link
Copy Markdown

CLAassistant commented Oct 21, 2025
edited
Loading

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you all sign our Contributor License Agreement before we can accept your contribution.
1 out of 2 committers have signed the CLA.

✅ bluestreak01
❌ Copilot
You have signed the CLA already but the status is still pending? Let us recheck it.

@coderabbitai
Copy link
Copy Markdown

coderabbitai bot commented Oct 21, 2025
edited
Loading

Important

Review skipped

Auto reviews are disabled on this repository.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Walkthrough

The changes add support for parsing HTTP 1.0-era date formats with 2-digit years (e.g., "Mon, 20-Oct-25 15:57:56 GMT") to the HTTP date-time format parser. This enables proper handling of legacy cookie Expires timestamps. Tests verify the parsing capability for the new format.

Changes

Cohort / File(s) Summary
HTTP date format pattern addition
core/src/main/java/io/questdb/std/datetime/microtime/MicrosFormatUtils.java		 Added HTTP 1.0 date-time pattern "E, d-MMM-yy HH:mm:ss Z" (2-digit year) to HTTP_FORMATS initialization to support legacy cookie Expires timestamps.
Test coverage for 2-digit year parsing
core/src/test/java/io/questdb/test/cutlass/http/HttpHeaderParserTest.java, core/src/test/java/io/questdb/test/std/datetime/microtime/MicrosTest.java		 Added testCookiesWithTwoDigitYear method in HttpHeaderParserTest and two HTTP date parsing tests in MicrosTest to verify parseHTTP correctly handles 2-digit year formats (e.g., "Mon, 20-Oct-25 15:57:56 GMT").

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

The changes are straightforward: a single pattern addition to a format list and corresponding test coverage. The modifications are homogeneous and localized. Review effort focuses on verifying the regex pattern correctness, ensuring test cases adequately validate the new format, and confirming no regressions to existing 4-digit year parsing.

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)
Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. You can run @coderabbitai generate docstrings to improve docstring coverage.
✅ Passed checks (4 passed)
Check name Status Explanation
Title Check ✅ Passed The pull request title "fix(http): relax cookies parser to support HTTP 1.0 timestamp with 2 digits year" is clear, specific, and directly captures the main objective of the changeset. It accurately describes the primary change—adding support for parsing HTTP 1.0-era cookie timestamps with 2-digit years. The title is concise and helps developers scanning the commit history understand what was fixed.
Linked Issues Check ✅ Passed The code changes directly address the objectives specified in linked issue #6289. The PR adds a new HTTP date format pattern "E, d-MMM-yy HH:mm:ss Z" to MicrosFormatUtils.java to support 2-digit year parsing [#6289], includes unit tests in MicrosTest.java for direct HTTP date parsing with 2-digit years [#6289], and provides an end-to-end integration test in HttpHeaderParserTest.java for complete cookie parsing flow [#6289]. All primary coding requirements from the linked issue have been implemented with appropriate test coverage.
Out of Scope Changes Check ✅ Passed All code changes in this pull request are directly related to the stated objective of supporting HTTP 1.0 2-digit year timestamp parsing. The modifications to MicrosFormatUtils.java add the required pattern, changes to MicrosTest.java and HttpHeaderParserTest.java implement the required tests. No unrelated or extraneous changes were introduced outside the scope of relaxing the cookie parser for legacy timestamp formats. The summary notes a duplication in the test method, but this appears to be a quality concern rather than an out-of-scope change.
Description Check ✅ Passed The pull request description is well-structured and clearly related to the changeset. It provides context about the problem (legacy HTTP 1.0 2-digit year formats not being parsed), the solution approach (adding a new date pattern with year adjustment), and details about the implementation and testing. The description explains the motivation, solution rationale, and verification approach, making it easy to understand the purpose of the changes.

Comment @coderabbitai help to get the list of available commands and usage tips.

Copilot AI changed the title [WIP] Add relaxed timestamp parsing for cookie handler Add support for HTTP 1.0 2-digit year format in cookie Expires parsing Oct 21, 2025
Copilot AI requested a review from jerrinot October 21, 2025 08:28
@jerrinot jerrinot changed the title Add support for HTTP 1.0 2-digit year format in cookie Expires parsing fix(http): relax cookies parser to support HTTP 1.0 timestamp with 2 digits year Oct 21, 2025
jerrinot
jerrinot approved these changes Oct 21, 2025
View reviewed changes
Copy link
Copy Markdown
Contributor

@jerrinot jerrinot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

looking good, I manually checked 1760975876000000L and it indeed it does represent Mon Oct 20 2025 15:57:56 GMT+0000 as expected.

@jerrinot jerrinot marked this pull request as ready for review October 21, 2025 08:40
@ideoma
Copy link
Copy Markdown
Collaborator

ideoma commented Oct 21, 2025

@coderabbitai review

@coderabbitai
Copy link
Copy Markdown

coderabbitai bot commented Oct 21, 2025

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

glasstiger
glasstiger previously approved these changes Oct 21, 2025
View reviewed changes
@jerrinot
Copy link
Copy Markdown
Contributor

jerrinot commented Oct 21, 2025

@copilot add also support for the ANSI C format

Copy link
Copy Markdown
Contributor Author

Copilot AI commented Oct 21, 2025

@copilot add also support for the ANSI C format

Added support for ANSI C asctime format (E MMM d HH:mm:ss yyyy and E MMM d HH:mm:ss yyyy for space-padded single-digit days). Examples: Mon Oct 20 15:57:56 2025 and Sun Nov 6 08:49:37 1994. See commit for details.

Copilot AI changed the title fix(http): relax cookies parser to support HTTP 1.0 timestamp with 2 digits year fix(http): relax cookies parser to support HTTP 1.0 and ANSI C timestamp formats Oct 21, 2025
Copilot AI requested a review from jerrinot October 21, 2025 10:11
@RaphDal RaphDal self-requested a review October 28, 2025 15:08
@glasstiger
Copy link
Copy Markdown
Contributor

glasstiger commented Oct 28, 2025

[PR Coverage check]

😍 pass : 0 / 0 (0%)

@bluestreak01 bluestreak01 merged commit 23b9f2a into master Oct 31, 2025
34 checks passed
@bluestreak01 bluestreak01 deleted the copilot/add-relaxed-timestamp-parsing branch October 31, 2025 02:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@RaphDal RaphDal RaphDal approved these changes

@glasstiger glasstiger glasstiger left review comments

@jerrinot jerrinot Awaiting requested review from jerrinot

Assignees

@jerrinot jerrinot

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

HttpHeaderParser - relaxed timestamp parsing

7 participants

@CLAassistant @ideoma @jerrinot @glasstiger @RaphDal @bluestreak01