aws / http-desync-guardian

95%

master: 98%

LAST BUILD ON BRANCH suspicious-te-cl-classification

branch: suspicious-te-cl-classification

CHANGE BRANCH

x

Reset

• suspicious-te-cl-classification
• exclude-tests-from-coverage
• fix-cl-prefix-clippy
• fix-demo-enum-names
• main
• master
• remove_unused_dep
• rust-covfix
• upstream-sync-te-classification

feat: Add SuspiciousTeClPresent classification at Severe tier

Refactor suspicious header detection to differentiate between requests
with a single suspicious framing header versus requests where both
suspicious Transfer-Encoding and Content-Length headers are present.

When both a suspicious TE and CL are detected, classify the request as
Severe with reason SuspiciousTeClPresent. Single suspicious headers
remain classified as Ambiguous with reason SuspiciousHeader.

This provides stronger protection against HTTP desync attacks that use
obfuscated framing headers in combination.