simon/tiny_httpd
1
0
Fork 0
mirror of https://github.com/c-cube/tiny_httpd.git synced 2026-03-10 07:35:49 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
tiny_httpd/src/core/util.mli
Simon Cruanes ba19880d75
Some checks failed
github pages / deploy (push) Has been cancelled
Details
build / build (4.13.x, ubuntu-latest) (push) Has been cancelled
Details
build / build (4.14.x, ubuntu-latest) (push) Has been cancelled
Details
build / build (5.03.x, ubuntu-latest) (push) Has been cancelled
Details
hardening bugfixes 
* fix: use realpath to validate filesystem paths against traversal

- add string_prefix helper to check path containment
- compute root_canonical once per add_vfs_ call
- use realpath only for filesystem (on_fs=true), keeping simple
  contains_dot_dot check for VFS
- paths are already URL-decoded by Route.rest_of_path_urlencoded

* fix: add header size limits to prevent memory exhaustion

add optional limits to Headers.parse_:
- max_headers: 100 (default)
- max_header_size: 16KiB per header (default)
- max_total_size: 256KiB total (default)

returns 431 status code when limits exceeded per RFC 6585.
2026-02-10 19:57:21 -05:00

42 lines
1.3 KiB
OCaml
Raw Blame History

(** {1 Some utils for writing web servers}
@since 0.2 *)
val percent_encode : ?skip:(char -> bool) -> string -> string
(** Encode the string into a valid path following
https://tools.ietf.org/html/rfc3986#section-2.1
@param skip
if provided, allows to preserve some characters, e.g. '/' in a path. *)
val percent_decode : string -> string option
(** Inverse operation of {!percent_encode}. Can fail since some strings are not
valid percent encodings. *)
val split_query : string -> string * string
(** Split a path between the path and the query
@since 0.5 *)
val split_on_slash : string -> string list
(** Split a string on ['/'], remove the trailing ['/'] if any.
@since 0.6 *)
val get_non_query_path : string -> string
(** get the part of the path that is not the query parameters.
@since 0.5 *)
val get_query : string -> string
(** Obtain the query part of a path.
@since 0.4 *)
val parse_query : string -> ((string * string) list, string) result
(** Parse a query as a list of ['&'] or [';'] separated [key=value] pairs. The
order might not be preserved.
@since 0.3 *)
val show_sockaddr : Unix.sockaddr -> string
(** Simple printer for socket addresses.
@since 0.17 *)
val is_ipv6_str : string -> bool
(** Is this string potentially an IPV6 address?
@since 0.17 *)
Reference in a new issue View git blame Copy permalink