lib/buf_read.mli at main · anil.recoil.org/httpzo

An OCaml webserver, but the allocating version (vs httpz which doesnt)
httpzo / lib / buf_read.mli
at main 71 lines 2.6 kB view raw
wrap content
 1(** Buffer type and utilities for HTTP parsing. *)
 2
 3(** HTTP parsing result status. *)
 4type status =
 5  | Complete
 6  | Partial
 7  | Invalid_method
 8  | Invalid_target
 9  | Invalid_version
10  | Invalid_header
11  | Headers_too_large
12  | Malformed
13  | Content_length_overflow    (** Content-Length value too large or invalid *)
14  | Ambiguous_framing          (** Both Content-Length and Transfer-Encoding present *)
15  | Bare_cr_detected           (** CR without LF - HTTP smuggling attempt *)
16  | Missing_host_header        (** HTTP/1.1 requires Host header *)
17  | Unsupported_transfer_encoding (** Transfer-Encoding other than chunked/identity per
18                                      {{:https://datatracker.ietf.org/doc/html/rfc7230#section-3.3.1}RFC 7230 Section 3.3.1} *)
19
20(** Convert status to string representation. *)
21val status_to_string : status -> string
22
23(** Pretty-print status. *)
24val pp_status : Stdlib.Format.formatter -> status -> unit
25
26(** Maximum buffer size: 32KB. *)
27val buffer_size : int
28
29(** Maximum headers per request. *)
30val max_headers : int
31
32(** Create a new 32KB buffer. *)
33val create : unit -> Base_bigstring.t
34
35(** Get character at position (unchecked). *)
36val peek : Base_bigstring.t -> int -> char
37
38(** Check if character is valid HTTP token character. *)
39val is_token_char : char -> bool
40
41(** Check if character is whitespace (space or tab). *)
42val is_space : char -> bool
43
44(** Convert character to lowercase. *)
45val to_lower : char -> char
46
47(** Find CRLF sequence starting at [pos]. Returns position of CR or [-1] if not found. *)
48val find_crlf : Base_bigstring.t -> pos:int -> len:int -> int
49
50(** Pretty-print buffer. *)
51val pp : Stdlib.Format.formatter -> Base_bigstring.t -> unit
52
53(** {2 Security Limits} *)
54
55(** Configurable security limits for parsing. *)
56type limits =
57  { max_content_length : int64  (** Maximum Content-Length value (default: 100MB) *)
58  ; max_header_size : int       (** Maximum size of all headers combined (default: 16KB) *)
59  ; max_header_count : int      (** Maximum number of headers (default: 100) *)
60  ; max_chunk_size : int        (** Maximum chunk size for chunked encoding (default: 16MB) *)
61  }
62
63(** Default limits: 100MB content, 16KB headers, 100 header count, 16MB chunks. *)
64val default_limits : limits
65
66(** Detect bare CR (CR not followed by LF) - RFC 7230 Section 3.5.
67    Used to prevent HTTP request smuggling attacks. *)
68val has_bare_cr : Base_bigstring.t -> pos:int -> len:int -> bool
69
70(** Check if a value contains CRLF injection attempt. *)
71val has_crlf_injection : Base_bigstring.t -> pos:int -> len:int -> bool