zio · Saturn225 · Sep 26, 2024 · Sep 26, 2024 · Sep 30, 2024 · Sep 30, 2024
@@ -0,0 +1,77 @@
+name: HTTP Conformance
+
+on:
+  pull_request:
+    branches: ["**"]
+  push:
+    branches: ["**"]
+    tags: [v*]
+
+env:
+  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+  JDK_JAVA_OPTIONS: "-Xms4G -Xmx8G -XX:+UseG1GC -Xss10M -XX:ReservedCodeCacheSize=1G -XX:NonProfiledCodeHeapSize=512m -Dfile.encoding=UTF-8"
+  SBT_OPTS: "-Xms4G -Xmx8G -XX:+UseG1GC -Xss10M -XX:ReservedCodeCacheSize=1G -XX:NonProfiledCodeHeapSize=512m -Dfile.encoding=UTF-8"
+
+jobs:
+  build:
+    name: Build and Test
+    strategy:
+      matrix:
+        os: [ubuntu-latest]
+        scala: [2.12.19, 2.13.14, 3.3.3]
+        java:
+          - graal_graalvm@17
+          - graal_graalvm@21
+          - temurin@17
+          - temurin@21
+    runs-on: ${{ matrix.os }}
+    timeout-minutes: 60
+
+    steps:
+      - name: Checkout current branch (full)
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Setup GraalVM (graal_graalvm@17)
+        if: matrix.java == 'graal_graalvm@17'
+        uses: graalvm/setup-graalvm@v1
+        with:
+          java-version: 17
+          distribution: graalvm
+          components: native-image
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          cache: sbt
+
+      - uses: coursier/setup-action@v1
+        with:
+          apps: sbt
+
+      - name: Setup GraalVM (graal_graalvm@21)
+        if: matrix.java == 'graal_graalvm@21'
+        uses: graalvm/setup-graalvm@v1
+        with:
+          java-version: 21
+          distribution: graalvm
+          components: native-image
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          cache: sbt
+
+      - name: Setup Java (temurin@17)
+        if: matrix.java == 'temurin@17'
+        uses: actions/setup-java@v4
+        with:
+          distribution: temurin
+          java-version: 17
+          cache: sbt
+
+      - name: Setup Java (temurin@21)
+        if: matrix.java == 'temurin@21'
+        uses: actions/setup-java@v4
+        with:
+          distribution: temurin
+          java-version: 21
+          cache: sbt
+
+      - name: Run HTTP Conformance Tests
+        run: sbt "project zioHttpJVM" "testOnly zio.http.ConformanceSpec zio.http.ConformanceE2ESpec"
@@ -115,6 +115,10 @@ object TestServerSpec extends ZIOHttpSpec {
       port <- ZIO.serviceWithZIO[Server](_.port)
     } yield Request
       .get(url = URL.root.port(port))
-      .addHeaders(Headers(Header.Accept(MediaType.text.`plain`)))
-
+      .addHeaders(
+        Headers(
+          Header.Accept(MediaType.text.`plain`),
+          Header.Host("localhost"),
+        ),
+      )
 }
@@ -87,12 +87,18 @@ private[zio] final case class ServerInboundHandler(
             )
             releaseRequest()
           } else {
-            val req  = makeZioRequest(ctx, jReq)
-            val exit = handler(req)
-            if (attemptImmediateWrite(ctx, req.method, exit)) {
+            val req = makeZioRequest(ctx, jReq)
+            if (!validateHostHeader(req)) {
+              // Validation failed, return 400 Bad Request
+              attemptFastWrite(ctx, req.method, Response.status(Status.BadRequest))
               releaseRequest()
             } else {
-              writeResponse(ctx, runtime, exit, req)(releaseRequest)
+              val exit = handler(req)
+              if (attemptImmediateWrite(ctx, req.method, exit)) {
+                releaseRequest()
+              } else {
+                writeResponse(ctx, runtime, exit, req)(releaseRequest)
+              }
             }
           }
         } finally {
@@ -108,6 +114,27 @@ private[zio] final case class ServerInboundHandler(
 
   }
 
+  private def validateHostHeader(req: Request): Boolean = {
+    val host = req.headers.get("Host").getOrElse(null)
+    if (host != null) {
+      val parts       = host.split(":")
+      val isValidHost = parts(0).forall(c => c.isLetterOrDigit || c == '.' || c == '-')
+      val isValidPort = parts.length == 1 || (parts.length == 2 && parts(1).forall(_.isDigit))
+      val isValid     = isValidHost && isValidPort
+      if (!isValid) {
+        ZIO
+          .logWarning(
+            s"Invalid Host header for request ${req.method} ${req.url}. " +
+              s"Host: $host, isValidHost: $isValidHost, isValidPort: $isValidPort",
+          )
+      }
+      isValid
+    } else {
+      ZIO.logWarning(s"Missing Host header for request ${req.method} ${req.url}")
+      false
+    }
+  }
+
   override def exceptionCaught(ctx: ChannelHandlerContext, cause: Throwable): Unit =
     cause match {
       case ioe: IOException if {

@@ -0,0 +1,51 @@
+package zio.http
+
+import zio._
+import zio.test.Assertion._
+import zio.test.TestAspect._
+import zio.test._
+
+import zio.http._
+import zio.http.internal.{DynamicServer, RoutesRunnableSpec}
+import zio.http.netty.NettyConfig
+
+object ConformanceE2ESpec extends RoutesRunnableSpec {
+
+  private val port    = 8080
+  private val MaxSize = 1024 * 10
+  val configApp       = Server.Config.default
+    .requestDecompression(true)
+    .disableRequestStreaming(MaxSize)
+    .port(port)
+    .responseCompression()
+
+  private val app = serve
+
+  def conformanceSpec = suite("ConformanceE2ESpec")(
+    test("should return 400 Bad Request if Host header is missing") {
+      val routes = Handler.ok.toRoutes
+
+      val res = routes.deploy.status.run(path = Path.root, headers = Headers(Header.Host("%%%%invalid%%%%")))
+      assertZIO(res)(equalTo(Status.BadRequest))
+    },
+    test("should return 200 OK if Host header is present") {
+      val routes = Handler.ok.toRoutes
+
+      val res = routes.deploy.status.run(path = Path.root, headers = Headers(Header.Host("localhost")))
+      assertZIO(res)(equalTo(Status.Ok))
+    },
+  )
+
+  override def spec =
+    suite("ConformanceE2ESpec") {
+      val spec = conformanceSpec
+      suite("app without request streaming") { app.as(List(spec)) }
+    }.provideShared(
+      DynamicServer.live,
+      ZLayer.succeed(configApp),
+      Server.customized,
+      Client.default,
+      ZLayer.succeed(NettyConfig.default),
+    ) @@ sequential @@ withLiveClock
+
+}