From a63df53fa9840c76de9172639b51b2401511b2d7 Mon Sep 17 00:00:00 2001
From: Jesse
Date: Mon, 27 Apr 2020 11:19:42 -0700
Subject: [PATCH] Reject $ from cookies. Resolves #727
---
 lib/distillery/cookies.ex | 2 +-
 test/cases/cookies_test.exs | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/lib/distillery/cookies.ex b/lib/distillery/cookies.ex
index 7d216d02..f55626ac 100644
--- a/lib/distillery/cookies.ex
+++ b/lib/distillery/cookies.ex
@@ -31,7 +31,7 @@ defmodule Distillery.Cookies do
 Stream.unfold(nil, fn _ -> {:crypto.strong_rand_bytes(1), nil} end)
 |> Stream.filter(fn <> -> b >= ?! && b <= ?~ end)
 # special when erlexec parses vm.args
- |> Stream.reject(fn <> -> b in [?-, ?+, ?', ?\", ?\\, ?\#, ?,] end)
+ |> Stream.reject(fn <> -> b in [?-, ?+, ?', ?\", ?\\, ?\#, ?,, ?$] end)
 |> Enum.take(64)
 |> Enum.join()
 |> String.to_atom()
diff --git a/test/cases/cookies_test.exs b/test/cases/cookies_test.exs
index e1b18d66..c22ea053 100644
--- a/test/cases/cookies_test.exs
+++ b/test/cases/cookies_test.exs
@@ -23,7 +23,7 @@ defmodule Distillery.Test.CookiesTest do
 str = Atom.to_string(x)
 chars = String.to_charlist(str)
- with false <- String.contains?(str, ["-", "+", "'", "\"", "\\", "#", ","]),
+ with false <- String.contains?(str, ["-", "+", "'", "\"", "\\", "#", ",", "$"]),
 false <- Enum.any?(chars, fn b -> not (b >= ?! && b <= ?~) end),
 64 <- byte_size(str) do
 true
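Review bot: The `Stream.reject` line in lib/distillery/cookies.ex extends a hand-maintained deny-list, and the same list is copied as a string literal into the `String.contains?` check in test/cases/cookies_test.exs, so every newly discovered special character needs a two-file patch like this one. The printable range `?!`..`?~` still contains other punctuation that shells and config parsers commonly treat specially, so I would replace the filter/reject pair with an allow-list, e.g. `|> Stream.filter(fn <<b>> -> b in ?0..?9 or b in ?A..?Z or b in ?a..?z end)`; 64 alphanumeric characters drawn from `:crypto.strong_rand_bytes/1` still carry roughly 380 bits of entropy. The test could then assert that same allow-list instead of mirroring the deny-list. The generator function and the test body both start and end outside these hunks, so this is based only on the visible pipeline.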