1
51%
main: 51%

Ran 31 Oct 2025 10:14AM UTC

Files 327

Run time 9s

Badge

Embed ▾

Committed 31 Oct 2025 10:08AM UTC coverage: 47.403% (+0.03%) from 47.376%

Job # 18969331103.1

Build Type

push

github

Committed by

web-flow

Commit Message

Add HTTP header validation to prevent injection (#2411)

Add ValidateHTTPHeaderName and ValidateHTTPHeaderValue functions to the
validation package to prevent CRLF injection and other header-based
attacks. These functions use golang.org/x/net/http/httpguts for RFC 7230
compliant validation, matching Go's own HTTP/2 implementation.

The validation checks for:
- CRLF injection attempts (\r\n)
- Control characters (null bytes, etc.)
- RFC 7230 token compliance for header names
- Length limits (256 bytes for names, 8KB for values)

Run Details

20652 of 43567 relevant lines covered (47.4%)

22.19 hits per line

stacklok / toolhive / 18969331103 / 1
51%
main: 51%

README BADGES
x

Markdown

Textile

RDoc

HTML

Rst

Source Files on job 18969331103.1

stacklok / toolhive / 18969331103 / 1 51% main: 51%

README BADGES x

Markdown

Textile

RDoc

HTML

Rst

Source Files on job 18969331103.1

stacklok / toolhive / 18969331103 / 1
51%
main: 51%

README BADGES
x