fix: harden cluster key rate limit cookie parsing (#4012)

Signed-off-by: EndlessSeeker <1766508902@qq.com>

plugins/wasm-go/extensions/cluster-key-rate-limit/util/utils.go

@@ -50,8 +50,8 @@ func ExtractCookieValueByKey(cookie string, key string) (value string) {
 	pairs := strings.Split(cookie, ";")
 	for _, pair := range pairs {
 		pair = strings.TrimSpace(pair)
-		kv := strings.Split(pair, "=")
-		if kv[0] == key {
+		kv := strings.SplitN(pair, "=", 2)
+		if len(kv) == 2 && kv[0] == key {
 			value = kv[1]
 			break
 		}

plugins/wasm-go/extensions/cluster-key-rate-limit/util/utils_test.go

@@ -0,0 +1,39 @@
+package util
+
+import "testing"
+
+func TestExtractCookieValueByKey(t *testing.T) {
+	tests := []struct {
+		name   string
+		cookie string
+		key    string
+		want   string
+	}{
+		{
+			name:   "extracts matching cookie value",
+			cookie: "user=alice; other=value",
+			key:    "user",
+			want:   "alice",
+		},
+		{
+			name:   "skips segment without equals sign",
+			cookie: "user; other=value",
+			key:    "user",
+			want:   "",
+		},
+		{
+			name:   "keeps equals signs in cookie value",
+			cookie: "user=alice=admin; other=value",
+			key:    "user",
+			want:   "alice=admin",
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if got := ExtractCookieValueByKey(tt.cookie, tt.key); got != tt.want {
+				t.Fatalf("ExtractCookieValueByKey() = %q, want %q", got, tt.want)
+			}
+		})
+	}
+}