Fix/http11 conformance#24
Merged
Merged
Conversation
Introduce HttpConnectionReader to buffer per-connection input (supports pipelining and prevents read-ahead loss) and provide byte-accurate line/body reads (ISO-8859-1 for lines, raw bytes for bodies). Update RequestParser to use the new reader, correctly handle Content-Length as octet counts, read chunked bodies into byte buffers, and avoid character-based over-reading. Change RequestProcessor.process to accept HttpConnectionReader and OutputStream and adapt IOServer to create/pass the reader per client socket. Enhance ResponseWriter to emit Content-Length: 0 for bodyless responses when a body is allowed to ensure definite framing on keep-alive connections. Add and update tests (HttpConnectionReaderTest, RequestParserTest, RequestProcessorTest, IOServerTest, ResponseWriterTest) and adjust mocks accordingly. Also add /.serena to .gitignore. Note: this includes an API change to RequestProcessor.process (signature change).
Add stricter protocol checks and defensive parsing to RequestParser and update tests accordingly. Changes include: enforce Host header for HTTP/1.1 and reject duplicate Host headers; treat presence of both Content-Length and Transfer-Encoding as a protocol error; validate Content-Length is numeric and non-negative; parse chunk-size lines while ignoring extensions and validate chunk sizes; enforce an aggregate cap on chunked bodies to prevent unbounded growth; correct keep-alive semantics to depend on HTTP version and explicit Connection header. Tests were adjusted (some header-limit tests use HTTP/1.0) and several new tests added for invalid Content-Length, invalid chunk sizes, chunk extensions, aggregate chunk size limit, Host header requirements, and ensuring RequestProcessor returns 400 for malformed Content-Length.
Add strict per-line framing and limits to HttpConnectionReader (CRLF required, 8KB max line length) to prevent request-smuggling and unbounded memory growth; invalid terminators or overlong lines now throw ProtocolException. Remove redundant header-size check from RequestParser since line limits are enforced by the reader. Refactor RequestProcessor to extract handler invocation and ensure Connection: close is honored even when handlers throw (500 responses also close). Update ResponseWriter to avoid duplicating the Date header when already set and to write headers/body using UTF-8. Add and adjust unit tests to cover bare-LF rejection, overlong lines, connection-close propagation on errors, non-duplicated Date header, and UTF-8 body writing.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.