Update simplew by stratdev3 · Pull Request #102 · MDA2AV/Http11Probe

stratdev3 · 2026-03-12T01:37:48Z

Hi,

An update for the SimpleW server.
Thanks to Http11Probe, I fixed a bunch of issue in my parser.

update nuget package

update Program.cs

github-actions · 2026-03-12T07:34:45Z

Http11Probe — Compliance Comparison

Server	Score
SimpleW	121/161	`███████████████░░░░░` 75%

✅ Baseline Passed

Compliance

Test	Expected	SimpleW
`BASELINE`	2xx	✅`200`
`BARE-LF-REQUEST-LINE`	400 or close (pass), 2xx (warn)	✅`400`
`BARE-LF-HEADER`	400 or close (pass), 2xx (warn)	✅`400`
`OBS-FOLD`	400	✅`400`
`SP-BEFORE-COLON`	400	✅`400`
`MULTI-SP-REQUEST-LINE`	400 or 2xx	✅`400`
`MISSING-HOST`	400	✅`400`
`INVALID-VERSION`	400/505 or close	✅`400`
`EMPTY-HEADER-NAME`	400 or close	✅`400`
`CR-ONLY-LINE-ENDING`	400	✅`400`
`MISSING-TARGET`	400 or close	✅`400`
`FRAGMENT-IN-TARGET`	400 or 2xx	❌`404`
`HTTP09-REQUEST`	400/close/timeout	✅`TimedOut`
`INVALID-HEADER-NAME`	400 or close	✅`400`
`HEADER-NO-COLON`	400 or close	✅`400`
`DUPLICATE-HOST`	400	✅`400`
`CL-NON-NUMERIC`	400 or close	✅`400`
`CL-PLUS-SIGN`	400 or close	✅`400`
`WHITESPACE-BEFORE-HEADERS`	400 or close	✅`400`
`DUPLICATE-HOST-SAME`	400	✅`400`
`HOST-WITH-USERINFO`	400 or close	✅`400`
`HOST-WITH-PATH`	400 or close	✅`400`
`ASTERISK-WITH-GET`	400 or close	✅`400`
`OPTIONS-STAR`	2xx	❌`400`
`UNKNOWN-TE-501`	400/501 or close	❌`200`
`LEADING-CRLF`	400 or 2xx	✅`400`
`ABSOLUTE-FORM`	2xx preferred; 400 warns	⚠️`400`
`METHOD-CASE`	400/405/501 or 2xx	❌`404`
`POST-CL-BODY`	2xx + echo	✅`200`
`POST-CL-ZERO`	2xx or close	✅`200`
`POST-NO-CL-NO-TE`	2xx or close	✅`200`
`POST-CL-UNDERSEND`	400/close/timeout	✅`TimedOut`
`CHUNKED-BODY`	2xx + echo	✅`200`
`CHUNKED-MULTI`	2xx + echo	✅`200`
`CHUNKED-EMPTY`	2xx or close	✅`200`
`CHUNKED-NO-FINAL`	400/close/timeout	✅`TimedOut`
`UPGRADE-POST`	!101	✅`200`
`UPGRADE-MISSING-CONN`	!101	✅`200`
`UPGRADE-UNKNOWN`	!101	✅`200`
`METHOD-CONNECT`	400/405/501 or close	✅`400`
`EXPECT-UNKNOWN`	417 or 2xx	⚠️`200`
`GET-WITH-CL-BODY`	400 or 2xx	⚠️`200`
`CHUNKED-EXTENSION`	2xx preferred; 400 warns	✅`200`
`UPGRADE-INVALID-VER`	non-101 (426 preferred)	⚠️`200`
`METHOD-TRACE`	405/501 or 2xx	❌`404`
`HOST-EMPTY-VALUE`	400 or close	✅`400`
`REQUEST-LINE-TAB`	400 or 2xx	✅`400`
`VERSION-MISSING-MINOR`	400 or close	✅`400`
`VERSION-LEADING-ZEROS`	400 or close	✅`400`
`VERSION-WHITESPACE`	400 or close	✅`400`
`CONNECTION-CLOSE`	2xx + close	✅`200`
`HTTP10-DEFAULT-CLOSE`	2xx + close	✅`200`
`HTTP10-NO-HOST`	200 or 400	⚠️`200`
`HTTP12-VERSION`	200 or 505	⚠️`200`
`TRACE-WITH-BODY`	400/405 or 200	❌`404`
`CHUNKED-TRAILER-VALID`	2xx + echo	✅`200`
`CHUNKED-HEX-UPPERCASE`	2xx + echo	✅`200`
`RANGE-POST`	2xx (Range ignored)	✅`200`
`UPGRADE-HTTP10`	!101	✅`200`
`HEAD-NO-BODY`	2xx with no body	❌`200`
`UNKNOWN-METHOD`	501/405/400 or close	❌`404`
`405-ALLOW`	405 + Allow header	⚠️`404`
`DATE-HEADER`	2xx with Date header	❌`200`
`DATE-FORMAT`	IMF-fixdate format	⚠️`200`
`NO-1XX-HTTP10`	non-1xx response	✅`200`
`NO-CL-IN-204`	204 without CL	⚠️`200`
`OPTIONS-ALLOW`	2xx with Allow header	✅`200`
`CONTENT-TYPE`	2xx with Content-Type	✅`200`
`VERSION-CASE`	400 or close	✅`400`
`LONG-URL-OK`	not 414	✅`404`
`SPACE-IN-TARGET`	400 or close	✅`400`
`DUPLICATE-CT`	400 or 2xx	⚠️`200`
`TRACE-SENSITIVE`	405/501, or 200 without Auth	❌`404`
`RANGE-INVALID`	200 or 416	✅`200`
`ACCEPT-NONSENSE`	406 or 2xx	⚠️`200`
`POST-UNSUPPORTED-CT`	415 or 2xx	✅`200`

Smuggling

Test	Expected	SimpleW
`CL-TE-BOTH`	400 or 2xx	⚠️`200`
`DUPLICATE-CL`	400 or close	✅`400`
`CL-LEADING-ZEROS`	400 or 2xx	⚠️`200`
`TE-XCHUNKED`	400/501 or close	❌`TimedOut`
`TE-TRAILING-SPACE`	400/501 or 2xx+close	❌`TimedOut`
`TE-SP-BEFORE-COLON`	400 or close	✅`400`
`CL-NEGATIVE`	400 or close	✅`400`
`CLTE-PIPELINE`	400 or close preferred; 2xx acceptable	⚠️`200`
`TECL-PIPELINE`	400 or close preferred; 2xx acceptable	⚠️`200`
`CL-TRAILING-SPACE`	400 or 2xx	⚠️`200`
`TE-DOUBLE-CHUNKED`	400 or 2xx	❌`TimedOut`
`CL-EXTRA-LEADING-SP`	400 or 2xx	⚠️`200`
`TE-CASE-MISMATCH`	400 or 2xx	❌`TimedOut`
`CL-COMMA-DIFFERENT`	400 or close	✅`400`
`TE-NOT-FINAL-CHUNKED`	400 or close	❌`200`
`TE-HTTP10`	400 or close	✅`TimedOut`
`CHUNK-BARE-SEMICOLON`	400 or close	❌`200`
`CHUNK-EXT-INVALID-TOKEN`	400 or close	❌`200`
`BARE-CR-HEADER-VALUE`	400 or close	✅`400`
`CL-OCTAL`	400 or close	✅`400`
`CHUNK-UNDERSCORE`	400 or close	✅`400`
`TE-EMPTY-VALUE`	400 or close	❌`200`
`TE-LEADING-COMMA`	400 or 2xx	❌`TimedOut`
`TE-DUPLICATE-HEADERS`	400 or close	✅`TimedOut`
`CHUNK-HEX-PREFIX`	400 or close	✅`400`
`CHUNK-SIZE-PLUS`	400 or close	✅`400`
`CHUNK-SIZE-TRAILING-OWS`	400 or close	❌`200`
`CL-HEX-PREFIX`	400 or close	✅`400`
`CL-INTERNAL-SPACE`	400 or close	✅`400`
`CHUNK-LEADING-SP`	400 or close	❌`200`
`CHUNK-MISSING-TRAILING-CRLF`	400 or close	✅`400`
`CHUNK-EXT-LF`	400 or 2xx	❌`TimedOut`
`CHUNK-SPILL`	400 or close	✅`400`
`CHUNK-LF-TERM`	400 or 2xx	✅`400`
`CHUNK-EXT-CTRL`	400 or close	❌`200`
`CHUNK-EXT-CR`	400 or close	❌`200`
`TE-VTAB`	400 or close	✅`TimedOut`
`TE-FORMFEED`	400 or close	✅`TimedOut`
`TE-NULL`	400 or close	✅`TimedOut`
`CHUNK-LF-TRAILER`	400 or 2xx	❌`TimedOut`
`TE-IDENTITY`	400/501 or close	❌`200`
`CHUNK-NEGATIVE`	400 or close	✅`400`
`TRANSFER_ENCODING`	400 or 2xx	⚠️`200`
`CL-COMMA-SAME`	400 or 2xx	✅`400`
`CL-COMMA-TRIPLE`	400 or 2xx	✅`400`
`CHUNKED-WITH-PARAMS`	400 or 2xx	❌`TimedOut`
`EXPECT-100-CL`	400 or 2xx	⚠️`200`
`TRAILER-CL`	400 or 2xx	⚠️`200`
`TRAILER-TE`	400 or 2xx	⚠️`200`
`TRAILER-HOST`	400 or 2xx	⚠️`200`
`TRAILER-AUTH`	400 or 2xx	⚠️`200`
`HEAD-CL-BODY`	400 or 2xx	⚠️`200`
`OPTIONS-CL-BODY`	400 or 2xx	⚠️`200`
`CL-UNDERSCORE`	400 or close	✅`400`
`CL-NEGATIVE-ZERO`	400 or close	✅`400`
`CL-DOUBLE-ZERO`	400 or 2xx	⚠️`200`
`CL-LEADING-ZEROS-OCTAL`	400 or 2xx	⚠️`200`
`TE-OBS-FOLD`	400 or 2xx+close	✅`400`
`TE-TRAILING-COMMA`	400 or 2xx	❌`TimedOut`
`TE-TAB-BEFORE-VALUE`	400 or 2xx	❌`TimedOut`
`ABSOLUTE-URI-HOST-MISMATCH`	400 or 2xx	✅`400`
`MULTIPLE-HOST-COMMA`	400 or close	❌`200`
`CHUNK-BARE-CR-TERM`	400 or close	✅`400`
`TRAILER-CONTENT-TYPE`	400 or 2xx	⚠️`200`
`CLTE-CONN-CLOSE`	400, or 2xx + close	❌`200`
`TECL-CONN-CLOSE`	400, or 2xx + close	❌`200`
`CLTE-DESYNC`	400, or close	❌`404`
`CLTE-SMUGGLED-GET`	400, or close (no extra response)	❌`200`
`CLTE-SMUGGLED-GET-CL-PLUS`	400, or close (no extra response)	✅`400`
`CLTE-SMUGGLED-GET-CL-NON-NUMERIC`	400, or close (no extra response)	✅`400`
`CLTE-SMUGGLED-GET-TE-OBS-FOLD`	400, or close (no extra response)	✅`400`
`CLTE-SMUGGLED-HEAD`	400, or close (no extra response)	❌`200`
`CLTE-SMUGGLED-GET-TE-TRAILING-SPACE`	400, or close (no extra response)	❌`200`
`CLTE-SMUGGLED-GET-TE-LEADING-COMMA`	400, or close (no extra response)	❌`200`
`CLTE-SMUGGLED-GET-TE-CASE-MISMATCH`	400, or close (no extra response)	❌`200`
`TE-DUPLICATE-HEADERS-SMUGGLED-GET`	400, or close (no extra response)	❌`200`
`TECL-SMUGGLED-GET`	400, or close (no extra response)	❌`200`
`DUPLICATE-CL-SMUGGLED-GET`	400, or close (no extra response)	✅`400`
`GET-CL-PREFIX-DESYNC`	400/close preferred; extra response on step 2 = warn	⚠️`200`
`TECL-DESYNC`	400, or close	❌`404`
`CL0-BODY-POISON`	400/close preferred; poisoned follow-up = warn	⚠️`404`
`GET-CL-BODY-DESYNC`	400/close/pass-through; poisoned follow-up = warn	✅`200`
`OPTIONS-CL-BODY-DESYNC`	400/close/pass-through; poisoned follow-up = warn	✅`200`
`EXPECT-100-CL-DESYNC`	417/400/close preferred; poisoned follow-up = warn	✅`200`
`OPTIONS-TE-OBS-FOLD`	400, or 2xx + close	✅`400`
`CHUNK-INVALID-SIZE-DESYNC`	400, or close	✅`400`
`PIPELINE-SAFE`	2xx + 2xx	✅`200`

Malformed Input

Test	Expected	SimpleW
`BINARY-GARBAGE`	400/close/timeout	✅`400`
`LONG-URL`	400/414/431 or close	✅`431`
`LONG-HEADER-VALUE`	400/431 or close	✅`431`
`MANY-HEADERS`	400/431 or close	✅`431`
`NUL-IN-URL`	400 or close	✅`400`
`CONTROL-CHARS-HEADER`	400 or close	❌`200`
`INCOMPLETE-REQUEST`	400/close/timeout	✅`TimedOut`
`EMPTY-REQUEST`	400/close/timeout	✅`TimedOut`
`LONG-HEADER-NAME`	400/431 or close	✅`431`
`LONG-METHOD`	400 or close	❌`431`
`NON-ASCII-HEADER-NAME`	400 or close	✅`400`
`NON-ASCII-URL`	400 or close	✅`400`
`CL-OVERFLOW`	400 or close	✅`400`
`WHITESPACE-ONLY-LINE`	400/close/timeout	✅`400`
`NUL-IN-HEADER-VALUE`	400 or close	❌`200`
`CHUNK-SIZE-OVERFLOW`	400 or close	✅`400`
`H2-PREFACE`	400/505/close/timeout	✅`400`
`CL-EMPTY`	400 or close	✅`400`
`CL-TAB-BEFORE-VALUE`	400 or 2xx	⚠️`200`
`URL-BACKSLASH`	400 or 2xx/404	⚠️`404`
`URL-OVERLONG-UTF8`	400 or close	✅`400`
`URL-PERCENT-NULL`	400 or 2xx/404	⚠️`404`
`URL-PERCENT-CRLF`	400 or 2xx/404	⚠️`404`
`CHUNK-EXT-64K`	400 or 2xx	⚠️`200`
`RANGE-OVERLAPPING`	200/206/400/416	⚠️`200`
`POST-CL-HUGE-NO-BODY`	400/close/timeout	❌`413`

Header Normalization

Test	Expected	SimpleW
`UNDERSCORE-CL`	Reject/drop (pass), normalize (fail), preserve (warn)	⚠️`200`
`SP-BEFORE-COLON-CL`	Reject/drop (pass), normalize (fail), preserve (warn)	✅`400`
`TAB-IN-NAME`	Reject/drop (pass), normalize (fail), preserve (warn)	✅`400`
`CASE-TE`	Reject/drop (pass), normalize casing (fail), preserve (warn)	❌`TimedOut`
`UNDERSCORE-TE`	Reject/drop (pass), normalize (fail), preserve (warn)	⚠️`200`

_{Commit: 1744dbd}

stratdev3 added 2 commits March 12, 2026 02:33

Update SimpleWServer.csproj

eadbe85

update nuget package

Update Program.cs

e85556e

update Program.cs

stratdev3 requested a review from MDA2AV March 12, 2026 01:38

stratdev3 marked this pull request as ready for review March 12, 2026 12:49

stratdev3 merged commit a1973d7 into MDA2AV:main Mar 12, 2026
2 of 3 checks passed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update simplew#102

Update simplew#102
stratdev3 merged 2 commits intoMDA2AV:mainfrom
stratdev3:update-simplew

stratdev3 commented Mar 12, 2026

Uh oh!

github-actions bot commented Mar 12, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

stratdev3 commented Mar 12, 2026

Uh oh!

github-actions bot commented Mar 12, 2026

Http11Probe — Compliance Comparison

✅ Baseline Passed

Compliance

Smuggling

Malformed Input

Header Normalization

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant