< Summary

Information

Class:	System.Net.Http.HttpRuleParser
Assembly:	System.Net.Http
File(s):	D:\runner\runtime\src\libraries\System.Net.Http\src\System\Net\Http\HttpRuleParser.cs

Line coverage

92%

Covered lines:	146
Uncovered lines:	12
Coverable lines:	158
Total lines:	327
Line coverage:	92.4%

Branch coverage

92%

Covered branches:	78
Total branches:	84
Branch coverage:	92.8%

Method coverage

Feature is only available for sponsors

Upgrade to PRO version

Metrics

Method	Branch coverage	Cyclomatic complexity	NPath complexity	Sequence coverage
.cctor()	100%	1	1	100%
GetTokenLength(...)	100%	2	2	100%
IsToken(...)	100%	1	1	100%
IsToken(...)	100%	1	1	0%
GetTokenString(...)	100%	1	1	0%
GetWhitespaceLength(...)	100%	8	8	100%
ContainsNewLineOrNull(...)	100%	1	1	100%
GetNumberLength(...)	91.66%	12	12	100%
GetHostLength(...)	92.85%	14	14	91.3%
GetCommentLength(...)	100%	1	1	100%
GetQuotedStringLength(...)	100%	1	1	100%
GetQuotedPairLength(...)	93.75%	16	16	100%
GetExpressionLength(...)	89.28%	28	28	90.69%
IsValidHostName(...)	100%	4	4	100%

File(s)

D:\runner\runtime\src\libraries\System.Net.Http\src\System\Net\Http\HttpRuleParser.cs

#	Line	Line coverage
	`1`	`// Licensed to the .NET Foundation under one or more agreements.`
	`2`	`// The .NET Foundation licenses this file to you under the MIT license.`
	`3`
	`4`	`using System.Buffers;`
	`5`	`using System.Diagnostics;`
	`6`	`using System.Text;`
	`7`
	`8`	`namespace System.Net.Http`
	`9`	`{`
	`10`	`internal static class HttpRuleParser`
	`11`	`{`
	`12`	`// token = 1*<any CHAR except CTLs or separators>`
	`13`	`// CTL = <any US-ASCII control character (octets 0 - 31) and DEL (127)>`
1	`14`	`private static readonly SearchValues<char> s_tokenChars =`
1	`15`	SearchValues.Create("!#$%&'*+-.0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ^_`abcdefghijklmnopqrstuvwxyz\|~");
	`16`
1	`17`	`private static readonly SearchValues<byte> s_tokenBytes =`
1	`18`	SearchValues.Create("!#$%&'*+-.0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ^_`abcdefghijklmnopqrstuvwxyz\|~"u8);
	`19`
1	`20`	`private static readonly SearchValues<char> s_hostDelimiterChars =`
1	`21`	`SearchValues.Create("/ \t\r,");`
	`22`
	`23`	`// Characters such as '?' or '#' are interpreted as an end of the host part of the URI, so they will not be vali`
1	`24`	`private static readonly SearchValues<char> s_disallowedHostChars =`
1	`25`	`SearchValues.Create("/\\?#@");`
	`26`
	`27`	`private const int MaxNestedCount = 5;`
	`28`
	`29`	`internal const char CR = (char)13;`
	`30`	`internal const char LF = (char)10;`
	`31`	`internal const int MaxInt64Digits = 19;`
	`32`	`internal const int MaxInt32Digits = 10;`
	`33`
0	`34`	`internal static Encoding DefaultHttpEncoding => Encoding.Latin1;`
	`35`
	`36`	`internal static int GetTokenLength(string input, int startIndex)`
1238380	`37`	`{`
1238380	`38`	`Debug.Assert(input is not null);`
	`39`
1238380	`40`	`ReadOnlySpan<char> slice = input.AsSpan(startIndex);`
	`41`
1238380	`42`	`int index = slice.IndexOfAnyExcept(s_tokenChars);`
	`43`
1238380	`44`	`return index < 0 ? slice.Length : index;`
1238380	`45`	`}`
	`46`
	`47`	`internal static bool IsToken(ReadOnlySpan<char> input) =>`
307728	`48`	`!input.ContainsAnyExcept(s_tokenChars);`
	`49`
	`50`	`internal static bool IsToken(ReadOnlySpan<byte> input) =>`
0	`51`	`!input.ContainsAnyExcept(s_tokenBytes);`
	`52`
	`53`	`internal static string GetTokenString(ReadOnlySpan<byte> input)`
0	`54`	`{`
0	`55`	`Debug.Assert(IsToken(input));`
	`56`
0	`57`	`return Encoding.ASCII.GetString(input);`
0	`58`	`}`
	`59`
	`60`	`internal static int GetWhitespaceLength(string input, int startIndex)`
5938218	`61`	`{`
5938218	`62`	`Debug.Assert(input != null);`
	`63`
5938218	`64`	`if (startIndex >= input.Length)`
59934	`65`	`{`
59934	`66`	`return 0;`
	`67`	`}`
	`68`
5878284	`69`	`int current = startIndex;`
	`70`
	`71`	`char c;`
6044771	`72`	`while (current < input.Length)`
6044441	`73`	`{`
6044441	`74`	`c = input[current];`
	`75`
6044441	`76`	`if ((c == ' ') \|\| (c == '\t'))`
166487	`77`	`{`
166487	`78`	`current++;`
166487	`79`	`continue;`
	`80`	`}`
	`81`
5877954	`82`	`return current - startIndex;`
	`83`	`}`
	`84`
	`85`	`// All characters between startIndex and the end of the string are LWS characters.`
330	`86`	`return input.Length - startIndex;`
5938218	`87`	`}`
	`88`
	`89`	`// See https://www.rfc-editor.org/rfc/rfc9110.html#section-5.5-5:`
	`90`	`// "Field values containing CR, LF, or NUL characters are invalid and dangerous"`
	`91`	`internal static bool ContainsNewLineOrNull(string value, int startIndex = 0) =>`
251003	`92`	`value.AsSpan(startIndex).ContainsAny('\r', '\n', '\0');`
	`93`
	`94`	`internal static int GetNumberLength(string input, int startIndex, bool allowDecimal)`
118179	`95`	`{`
118179	`96`	`Debug.Assert(input != null);`
118179	`97`	`Debug.Assert((startIndex >= 0) && (startIndex < input.Length));`
	`98`
118179	`99`	`int current = startIndex;`
	`100`	`char c;`
	`101`
	`102`	`// If decimal values are not allowed, we pretend to have read the '.' character already. I.e. if a dot is`
	`103`	`// found in the string, parsing will be aborted.`
118179	`104`	`bool haveDot = !allowDecimal;`
	`105`
	`106`	`// The RFC doesn't allow decimal values starting with dot. I.e. value ".123" is invalid. It must be in the`
	`107`	`// form "0.123". Also, there are no negative values defined in the RFC. So we'll just parse non-negative`
	`108`	`// values.`
	`109`	`// The RFC only allows decimal dots not ',' characters as decimal separators. Therefore value "1,23" is`
	`110`	`// considered invalid and must be represented as "1.23".`
118179	`111`	`if (input[current] == '.')`
10	`112`	`{`
10	`113`	`return 0;`
	`114`	`}`
	`115`
205149	`116`	`while (current < input.Length)`
204762	`117`	`{`
204762	`118`	`c = input[current];`
204762	`119`	`if (char.IsAsciiDigit(c))`
86459	`120`	`{`
86459	`121`	`current++;`
86459	`122`	`}`
118303	`123`	`else if (!haveDot && (c == '.'))`
521	`124`	`{`
	`125`	`// Note that value "1." is valid.`
521	`126`	`haveDot = true;`
521	`127`	`current++;`
521	`128`	`}`
	`129`	`else`
117782	`130`	`{`
117782	`131`	`break;`
	`132`	`}`
86980	`133`	`}`
	`134`
118169	`135`	`return current - startIndex;`
118179	`136`	`}`
	`137`
	`138`	`internal static int GetHostLength(string input, int startIndex, bool allowToken)`
109792	`139`	`{`
109792	`140`	`Debug.Assert(input != null);`
109792	`141`	`Debug.Assert(startIndex >= 0);`
	`142`
109792	`143`	`if (startIndex >= input.Length)`
0	`144`	`{`
0	`145`	`return 0;`
	`146`	`}`
	`147`
109792	`148`	`ReadOnlySpan<char> slice = input.AsSpan(startIndex);`
	`149`
	`150`	`// A 'host' is either a token (if 'allowToken' == true) or a valid host name as defined by the URI RFC.`
	`151`	`// So we first iterate through the string and search for path delimiters and whitespace. When found, stop`
	`152`	`// and try to use the substring as token or URI host name. If it works, we have a host name, otherwise not.`
109792	`153`	`int index = slice.IndexOfAny(s_hostDelimiterChars);`
109792	`154`	`if (index >= 0)`
54138	`155`	`{`
54138	`156`	`if (index == 0)`
34	`157`	`{`
34	`158`	`return 0;`
	`159`	`}`
	`160`
54104	`161`	`if (slice[index] == '/')`
72	`162`	`{`
72	`163`	`return 0; // Host header must not contain paths.`
	`164`	`}`
	`165`
54032	`166`	`slice = slice.Slice(0, index);`
54032	`167`	`}`
	`168`
109686	`169`	`if ((allowToken && IsToken(slice)) \|\| IsValidHostName(slice))`
109106	`170`	`{`
109106	`171`	`return slice.Length;`
	`172`	`}`
	`173`
580	`174`	`return 0;`
109792	`175`	`}`
	`176`
	`177`	`internal static HttpParseResult GetCommentLength(string input, int startIndex, out int length)`
4772	`178`	`{`
4772	`179`	`return GetExpressionLength(input, startIndex, '(', ')', true, 1, out length);`
4772	`180`	`}`
	`181`
	`182`	`internal static HttpParseResult GetQuotedStringLength(string input, int startIndex, out int length)`
61485	`183`	`{`
61485	`184`	`return GetExpressionLength(input, startIndex, '"', '"', false, 1, out length);`
61485	`185`	`}`
	`186`
	`187`	`// quoted-pair = "\" CHAR`
	`188`	`// CHAR = <any US-ASCII character (octets 0 - 127)>`
	`189`	`internal static HttpParseResult GetQuotedPairLength(string input, int startIndex, out int length)`
1761283	`190`	`{`
1761283	`191`	`Debug.Assert(input != null);`
1761283	`192`	`Debug.Assert((startIndex >= 0) && (startIndex < input.Length));`
	`193`
1761283	`194`	`length = 0;`
	`195`
1761283	`196`	`if (input[startIndex] != '\\')`
1760069	`197`	`{`
1760069	`198`	`return HttpParseResult.NotParsed;`
	`199`	`}`
	`200`
	`201`	`// Quoted-char has 2 characters. Check whether there are 2 chars left ('\' + char)`
	`202`	`// If so, check whether the character is in the range 0-127 and not a new line. Otherwise, it's an invalid v`
1214	`203`	`if ((startIndex + 2 > input.Length) \|\| (input[startIndex + 1] is > (char)127 or '\r' or '\n' or '\0'))`
897	`204`	`{`
897	`205`	`return HttpParseResult.InvalidFormat;`
	`206`	`}`
	`207`
	`208`	`// It doesn't matter what the char next to '\' is so we can skip along.`
317	`209`	`length = 2;`
317	`210`	`return HttpParseResult.Parsed;`
1761283	`211`	`}`
	`212`
	`213`	`// TEXT = <any OCTET except CTLs, but including LWS>`
	`214`	`// LWS = SP \| HT`
	`215`	`// CTL = <any US-ASCII control character (octets 0 - 31) and DEL (127)>`
	`216`	`//`
	`217`	`// Since we don't really care about the content of a quoted string or comment, we're more tolerant and`
	`218`	`// allow these characters. We only want to find the delimiters ('"' for quoted string and '(', ')' for comment).`
	`219`	`//`
	`220`	`// 'nestedCount': Comments can be nested. We allow a depth of up to 5 nested comments, i.e. something like`
	`221`	`// "(((((comment)))))". If we wouldn't define a limit an attacker could send a comment with hundreds of nested`
	`222`	`// comments, resulting in a stack overflow exception. In addition having more than 1 nested comment (if any)`
	`223`	`// is unusual.`
	`224`	`private static HttpParseResult GetExpressionLength(string input, int startIndex, char openChar,`
	`225`	`char closeChar, bool supportsNesting, int nestedCount, out int length)`
72181	`226`	`{`
72181	`227`	`Debug.Assert(input != null);`
72181	`228`	`Debug.Assert((startIndex >= 0) && (startIndex < input.Length));`
	`229`
72181	`230`	`length = 0;`
	`231`
72181	`232`	`if (input[startIndex] != openChar)`
346	`233`	`{`
346	`234`	`return HttpParseResult.NotParsed;`
	`235`	`}`
	`236`
71835	`237`	`int current = startIndex + 1; // Start parsing with the character next to the first open-char.`
1825091	`238`	`while (current < input.Length)`
1824803	`239`	`{`
	`240`	`// Only check whether we have a quoted char, if we have at least 3 characters left to read (i.e.`
	`241`	`// quoted char + closing char). Otherwise the closing char may be considered part of the quoted char.`
	`242`	`int quotedPairLength;`
1824803	`243`	`if ((current + 2 < input.Length) &&`
1824803	`244`	`(GetQuotedPairLength(input, current, out quotedPairLength) == HttpParseResult.Parsed))`
317	`245`	`{`
	`246`	`// We ignore invalid quoted-pairs. Invalid quoted-pairs may mean that it looked like a quoted pair,`
	`247`	`// but we actually have a quoted-string: e.g. "\\u00FC" ('\' followed by a char >127 - quoted-pair o`
	`248`	`// allows ASCII chars after '\'; qdtext allows both '\' and >127 chars).`
317	`249`	`current += quotedPairLength;`
317	`250`	`continue;`
	`251`	`}`
	`252`
1824486	`253`	`char c = input[current];`
	`254`
1824486	`255`	`if (c == '\r' \|\| c == '\n' \|\| c == '\0')`
3642	`256`	`{`
3642	`257`	`return HttpParseResult.InvalidFormat;`
	`258`	`}`
	`259`
	`260`	`// If we support nested expressions and we find an open-char, then parse the nested expressions.`
1820844	`261`	`if (supportsNesting && (c == openChar))`
6112	`262`	`{`
	`263`	`// Check if we exceeded the number of nested calls.`
6112	`264`	`if (nestedCount > MaxNestedCount)`
188	`265`	`{`
188	`266`	`return HttpParseResult.InvalidFormat;`
	`267`	`}`
	`268`
	`269`	`int nestedLength;`
5924	`270`	`HttpParseResult nestedResult = GetExpressionLength(input, current, openChar, closeChar,`
5924	`271`	`supportsNesting, nestedCount + 1, out nestedLength);`
	`272`
5924	`273`	`switch (nestedResult)`
	`274`	`{`
	`275`	`case HttpParseResult.Parsed:`
4208	`276`	`current += nestedLength; // Add the length of the nested expression and continue.`
4208	`277`	`break;`
	`278`
	`279`	`case HttpParseResult.NotParsed:`
0	`280`	`Debug.Fail("'NotParsed' is unexpected: We started nested expression " +`
0	`281`	`"parsing, because we found the open-char. So either it's a valid nested " +`
0	`282`	`"expression or it has invalid format.");`
	`283`	`break;`
	`284`
	`285`	`case HttpParseResult.InvalidFormat:`
	`286`	`// If the nested expression is invalid, we can't continue, so we fail with invalid format.`
1716	`287`	`return HttpParseResult.InvalidFormat;`
	`288`
	`289`	`default:`
0	`290`	`Debug.Fail("Unknown enum result: " + nestedResult);`
	`291`	`break;`
	`292`	`}`
	`293`
	`294`	`// after nested call we continue with parsing`
4208	`295`	`continue;`
	`296`	`}`
	`297`
1814732	`298`	`if (input[current] == closeChar)`
66001	`299`	`{`
66001	`300`	`length = current - startIndex + 1;`
66001	`301`	`return HttpParseResult.Parsed;`
	`302`	`}`
1748731	`303`	`current++;`
1748731	`304`	`}`
	`305`
	`306`	`// We didn't find the final quote, therefore we have an invalid expression string.`
288	`307`	`return HttpParseResult.InvalidFormat;`
72181	`308`	`}`
	`309`
	`310`	`private static bool IsValidHostName(ReadOnlySpan<char> host)`
103038	`311`	`{`
103038	`312`	`if (host.ContainsAny(s_disallowedHostChars))`
198	`313`	`{`
198	`314`	`return false;`
	`315`	`}`
	`316`
	`317`	`// Using a trailing slash as Uri ignores trailing whitespace otherwise.`
102840	`318`	`if (!Uri.TryCreate($"http://{host}/", UriKind.Absolute, out _))`
382	`319`	`{`
382	`320`	`return false;`
	`321`	`}`
	`322`
102458	`323`	`Debug.Assert(!ContainsNewLineOrNull(host.ToString()));`
102458	`324`	`return true;`
103038	`325`	`}`
	`326`	`}`
	`327`	`}`

< Summary

Metrics

File(s)

D:\runner\runtime\src\libraries\System.Net.Http\src\System\Net\Http\HttpRuleParser.cs

Methods/Properties