mighty-gerbils/gerbil
mighty-gerbils/gerbil
6
1
Fork 1
Code Issues 135 Pull requests 6 Projects Releases Wiki Activity

tests: add HTTP server unit tests and fix several identified bugs #1471

Open
HMarcien wants to merge 5 commits from hmarcien/net-http-tests into v0.19-staging AGit
pull from: hmarcien/net-http-tests
merge into: mighty-gerbils:v0.19-staging
Conversation 1 Commits 5 Files changed 10 +330 -90
HMarcien commented 2026-06-29 01:03:17 +00:00
Member
Copy link
  • Add new unit tests to improve HTTP server coverage.
  • Fix a security bug where URL-encoded paths allowed directory traversal.
  • Add proper support for HTTP HEAD requests with Content-Length headers.
  • Refactored the handler structure to route requests based on HTTP methods.
  • Automatically reject unsupported methods with a 405 status.
  • Fix static mux parsing to allow chaining multiple rules.
- Add new unit tests to improve HTTP server coverage. - Fix a security bug where URL-encoded paths allowed directory traversal. - Add proper support for HTTP HEAD requests with Content-Length headers. - Refactored the handler structure to route requests based on HTTP methods. - Automatically reject unsupported methods with a 405 status. - Fix static mux parsing to allow chaining multiple rules. 
FreeBSD throw an EINVAL error if the socket address size is too large (128 bytes from the union instead of 16 for IPv4). This commit updates the ffi to calculate and send the exact size based on the address family, preventing the crash.
The "large data blob" test was crashing due to a TCP deadlock.

The HTTP client was trying to write the entire request body before reading the server's response. With a full-duplex server (using `io-copy!`), this fills up the OS TCP buffers and blocks both sides.

Fix: Use `spawn` to write the request in a background thread. The main thread can now read the response immediately, avoiding the deadlock.
- Add new unit tests to improve HTTP server coverage.
- Fix a security bug where URL-encoded paths allowed directory traversal.
- Add proper support for HTTP HEAD requests with Content-Length headers.
- Refactored the handler structure to route requests based on HTTP methods.
- Automatically reject unsupported methods with a 405 status.
- Fix static mux parsing to allow chaining multiple rules.
HMarcien requested review from vyzo 2026-06-29 01:05:19 +00:00
fare reviewed 2026-06-30 09:13:40 +00:00
src/std/net/http/client/request.ss
@ -65,1 +68,4 @@
(catch (e)
(void)))))
;; read request head (executes concurrently with the writer thread)
(let* (((values status status-line)
fare commented 2026-06-30 09:01:23 +00:00
Owner
Copy link

Don't we want to thread-join! or otherwise catch any subthread error in the main thread (after maybe using ##thread-end-with-uncaught-exception! in the internal thread)?

Don't we want to thread-join! or otherwise catch any subthread error in the main thread (after maybe using ##thread-end-with-uncaught-exception! in the internal thread)?
HMarcien commented 2026-06-30 11:02:34 +00:00
Author
Member
Copy link

My initial intuition, was that we could just let the Gambit runtime silently swallow the EPIPE without needing to join.

However, if we do a synchronous thread-join!, I think we will recreate the TCP deadlock: if the server stops reading (e.g. for a 413) but keeps the socket open, the writer thread will block on I/O and the main thread will deadlock on the join.

Because of this, I will go with your second suggestion and use ##thread-end-with-uncaught-exception! to surface real bugs without blocking the main thread.

My initial intuition, was that we could just let the Gambit runtime silently swallow the EPIPE without needing to join. However, if we do a synchronous thread-join!, I think we will recreate the TCP deadlock: if the server stops reading (e.g. for a 413) but keeps the socket open, the writer thread will block on I/O and the main thread will deadlock on the join. Because of this, I will go with your second suggestion and use ##thread-end-with-uncaught-exception! to surface real bugs without blocking the main thread.
src/std/net/http/http-test.ss
@ -12,2 +15,4 @@
(make-temporary-file-name "log."))
(def tmp-file
(string-append (make-temporary-file-name "file") ".js"))
fare commented 2026-06-30 09:02:29 +00:00
Owner
Copy link

make-temporary-file-name now supports a suffix: argument.

make-temporary-file-name now supports a suffix: argument.
👍 1
HMarcien marked this conversation as resolved
src/std/net/http/server/handlers/directory.ss
@ -50,8 +51,13 @@
(serve-dir self.path)
fare commented 2026-06-30 09:09:07 +00:00
Owner
Copy link

I'm not sure what serve-dir does, but shouldn't that only be attempted after the path has been found safe?

I'm not sure what serve-dir does, but shouldn't that only be attempted *after* the path has been found safe?
HMarcien commented 2026-06-30 11:34:46 +00:00
Author
Member
Copy link

serve-dir simply looks for an index.html inside the base directory. It is only called when the requested URL exactly matches the root path, meaning there is no user-provided subpath to sanitize here. The directory traversal check (safe-target?) is applied in the other branch, where a subpath is actually requested.

serve-dir simply looks for an index.html inside the base directory. It is only called when the requested URL exactly matches the root path, meaning there is no user-provided subpath to sanitize here. The directory traversal check (safe-target?) is applied in the other branch, where a subpath is actually requested.
src/std/net/http/server/handlers/directory.ss
@ -55,0 +57,4 @@
(let ((root (path-normalize self.path)))
(let ((root/ (if (string-suffix? "/" root) root (string-append root "/"))))
(string-prefix? root/ target))))))
(if (and safe-target? (file-exists? target))
fare commented 2026-06-30 09:10:46 +00:00
Owner
Copy link

Wait, is the root a path in the URL or in the filesystem?
Is target absolute or relative? If relative, to what?

Wait, is the root a path in the URL or in the filesystem? Is target absolute or relative? If relative, to what?
HMarcien commented 2026-06-30 11:20:42 +00:00
Author
Member
Copy link

The root (from self.path) is a path in the filesystem. target is an absolute filesystem path because path-normalize resolves the URL subpath relative to the physical root. Then, safe-target? simply checks that this final absolute path still starts with the root directory to prevent any ../ escapes.

The root (from self.path) is a path in the filesystem. target is an absolute filesystem path because path-normalize resolves the URL subpath relative to the physical root. Then, safe-target? simply checks that this final absolute path still starts with the root directory to prevent any ../ escapes.
src/std/net/http/server/handlers/file.ss
@ -35,64 +36,75 @@
=> :pair
(cons "Content-Type" (mime-file-type path)))
(defsyntax-case with-requested-file-info ()
fare commented 2026-06-30 09:12:18 +00:00
Owner
Copy link

You might be better off using the new with-identifiers or maybe even the new with-id (in a syntax-rules)

You might be better off using the new with-identifiers or maybe even the new with-id (in a syntax-rules)
👍 1
HMarcien marked this conversation as resolved
HMarcien requested review from fare 2026-06-30 18:02:16 +00:00
This pull request can be merged automatically.
You are not authorized to merge this pull request.
View command line instructions

Checkout

From your project repository, check out a new branch and test the changes.
git fetch -u origin +refs/pull/1471/head:hmarcien/net-http-tests
git switch hmarcien/net-http-tests

Merge

Merge the changes and update on Forgejo.

Warning: The "Autodetect manual merge" setting is not enabled for this repository, you will have to mark this pull request as manually merged afterwards.

git switch v0.19-staging
git merge --no-ff hmarcien/net-http-tests
git switch hmarcien/net-http-tests
git rebase v0.19-staging
git switch v0.19-staging
git merge --ff-only hmarcien/net-http-tests
git switch hmarcien/net-http-tests
git rebase v0.19-staging
git switch v0.19-staging
git merge --no-ff hmarcien/net-http-tests
git switch v0.19-staging
git merge --squash hmarcien/net-http-tests
git switch v0.19-staging
git merge --ff-only hmarcien/net-http-tests
git switch v0.19-staging
git merge hmarcien/net-http-tests
git push origin v0.19-staging
Sign in to join this conversation.
Reviewers
No reviewers
vyzo
fare
Labels
Clear labels   
UX

   
active development

   
backlog

   
blocker

   
bootstrap

   
bounty

   
bug

   
dependencies
Pull requests that update a dependency file

  
discussion

   
documentation

   
duplicate

   
enhancement

   
flaky test

   
help wanted

   
invalid

   
javascript
Pull requests that update javascript code

  
question

   
release

   
tendentious

   
wontfix
No labels
UX
active development
backlog
blocker
bootstrap
bounty
bug
dependencies
discussion
documentation
duplicate
enhancement
flaky test
help wanted
invalid
javascript
question
release
tendentious
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
2 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
mighty-gerbils/gerbil!1471
No description provided.