18969331103
51%

Ran 31 Oct 2025 10:14AM UTC

Jobs 1

Files 327

Run time 1min

Badge

Embed ▾

Committed 31 Oct 2025 10:08AM UTC coverage: 47.403% (+0.03%) from 47.376%

Build # 18969331103

Build Type

push

github

Committed by

web-flow

Commit Message

Add HTTP header validation to prevent injection (#2411)

Add ValidateHTTPHeaderName and ValidateHTTPHeaderValue functions to the
validation package to prevent CRLF injection and other header-based
attacks. These functions use golang.org/x/net/http/httpguts for RFC 7230
compliant validation, matching Go's own HTTP/2 implementation.

The validation checks for:
- CRLF injection attempts (\r\n)
- Control characters (null bytes, etc.)
- RFC 7230 token compliance for header names
- Length limits (256 bytes for names, 8KB for values)

Run Details

22 of 22 new or added lines in 1 file covered. (100.0%)

5 existing lines in 2 files now uncovered.

20652 of 43567 relevant lines covered (47.4%)

22.19 hits per line

Uncovered Existing Lines

Lines	Coverage	∆	File
2	81.62	0.0%	pkg/transport/proxy/httpsse/http_proxy.go
3	96.5	-2.1%	cmd/thv-operator/pkg/sources/git.go

Jobs

ID	Job ID	Ran	Files	Coverage
1	18969331103.1	31 Oct 2025 10:14AM UTC	327	47.4	GitHub Action Run

stacklok / toolhive / 18969331103
51%

README BADGES
x

Markdown

Textile

RDoc

HTML

Rst

Uncovered Existing Lines

Jobs

Source Files on build 18969331103

stacklok / toolhive / 18969331103 51%

README BADGES x

Markdown

Textile

RDoc

HTML

Rst

Uncovered Existing Lines

Jobs

Source Files on build 18969331103

stacklok / toolhive / 18969331103
51%

README BADGES
x