Fire an event when allowing a bad request (#39944)

Author: Tratcher

src/Servers/Kestrel/Core/src/Internal/Http/Http1Connection.cs

@@ -612,6 +612,8 @@ private void ValidateNonOriginHostHeader(string hostText)
                         // replace it with the value from the request line.
                         if (_context.ServiceContext.ServerOptions.EnableInsecureAbsoluteFormHostOverride)
                         {
+                            ReportAllowedBadRequest(KestrelBadHttpRequestException.GetException(RequestRejectionReason.InvalidHostHeader, hostText));
+
                             hostText = _absoluteRequestTarget.Authority + ":" + _absoluteRequestTarget.Port.ToString(CultureInfo.InvariantCulture);
                             HttpRequestHeaders.HeaderHost = hostText;
                         }

src/Servers/Kestrel/Core/src/Internal/Http/HttpProtocol.cs

@@ -1340,6 +1340,24 @@ public void SetBadRequestState(BadHttpRequestException ex)
             _keepAlive = false;
         }
 
+        // Normally this would have been rejected, but the developer opted into allowing the bad behavior.
+        public void ReportAllowedBadRequest(BadHttpRequestException ex)
+        {
+            Log.ConnectionBadRequest(ConnectionId, ex);
+            // Set this so DiagnosticSource listeners can observe the exception via the IBadRequestExceptionFeature.
+            // Make sure to unset before exiting the method so the request doesn't actually get rejected.
+            // This means the exception will not be visible to normal middleware.
+            _requestRejectedException = ex;
+
+            const string badRequestEventName = "Microsoft.AspNetCore.Server.Kestrel.BadRequest";
+            if (ServiceContext.DiagnosticSource?.IsEnabled(badRequestEventName) == true)
+            {
+                ServiceContext.DiagnosticSource.Write(badRequestEventName, this);
+            }
+
+            _requestRejectedException = null;
+        }
+
         public void ReportApplicationError(Exception? ex)
         {
             // ReportApplicationError can be called with a null exception from MessageBody

src/Servers/Kestrel/test/InMemory.FunctionalTests/BadHttpRequestTests.cs

@@ -141,25 +141,59 @@ public Task BadRequestIfHostHeaderDoesNotMatchRequestTarget(string requestTarget
         [Fact]
         public async Task CanOptOutOfBadRequestIfHostHeaderDoesNotMatchRequestTarget()
         {
+            BadHttpRequestException loggedException = null;
+
+            var mockKestrelTrace = new Mock<IKestrelTrace>();
+            mockKestrelTrace
+                .Setup(trace => trace.IsEnabled(LogLevel.Information))
+                .Returns(true);
+            mockKestrelTrace
+                .Setup(trace => trace.ConnectionBadRequest(It.IsAny<string>(), It.IsAny<BadHttpRequestException>()))
+                .Callback<string, BadHttpRequestException>((connectionId, exception) => loggedException = exception);
+
+            // Set up a listener to catch the BadRequest event
+            var diagListener = new DiagnosticListener("OptOutBadRequestTestsDiagListener");
+            string eventProviderName = "";
+            string exceptionString = "";
+            var badRequestEventListener = new BadRequestEventListener(diagListener, (pair) => {
+                eventProviderName = pair.Key;
+                var featureCollection = pair.Value as IFeatureCollection;
+                if (featureCollection is not null)
+                {
+                    var badRequestFeature = featureCollection.Get<IBadRequestExceptionFeature>();
+                    exceptionString = badRequestFeature.Error.ToString();
+                }
+            });
+
             var receivedHost = StringValues.Empty;
             await using var server = new TestServer(context =>
             {
                 receivedHost = context.Request.Headers.Host;
                 return Task.CompletedTask;
-            }, new TestServiceContext(LoggerFactory)
+            }, new TestServiceContext(LoggerFactory, mockKestrelTrace.Object)
             {
+                DiagnosticSource = diagListener,
                 ServerOptions = new KestrelServerOptions()
                 {
                     EnableInsecureAbsoluteFormHostOverride = true,
                 }
             });
+
             using var client = server.CreateConnection();
 
             await client.SendAll($"GET http://www.foo.com/api/data HTTP/1.1\r\nHost: www.foo.comConnection: keep-alive\r\n\r\n");
 
             await client.Receive("HTTP/1.1 200 OK");
 
             Assert.Equal("www.foo.com:80", receivedHost);
+
+            mockKestrelTrace.Verify(trace => trace.ConnectionBadRequest(It.IsAny<string>(), It.IsAny<BadHttpRequestException>()));
+            Assert.Equal(CoreStrings.FormatBadRequest_InvalidHostHeader_Detail("www.foo.comConnection: keep-alive"), loggedException.Message);
+
+            // Verify DiagnosticSource event for bad request
+            Assert.True(badRequestEventListener.EventFired);
+            Assert.Equal("Microsoft.AspNetCore.Server.Kestrel.BadRequest", eventProviderName);
+            Assert.Contains(CoreStrings.FormatBadRequest_InvalidHostHeader_Detail("www.foo.comConnection: keep-alive"), exceptionString);
         }
 
         [Fact]