Have kestrel filter out pseudo headers #30417 (#36287)

github-actions[bot] · Tratcher · web-flow · commit 53a99f211668 · 2021-09-08T18:40:46.000Z
Co-authored-by: Chris R &lt;Tratcher@outlook.com&gt;
diff --git a/src/Servers/Kestrel/Core/src/Internal/Http/HttpHeaders.Generated.cs b/src/Servers/Kestrel/Core/src/Internal/Http/HttpHeaders.Generated.cs
@@ -227,7 +227,14 @@ public override StringValues HeaderConnection
             }
             set
             {
-                _bits |= 0x2L;
+                if (!StringValues.IsNullOrEmpty(value))
+                {
+                    _bits |= 0x2L;
+                }
+                else
+                {
+                    _bits &= ~0x2L;
+                }
                 _headers._Connection = value; 
             }
         }
@@ -244,7 +251,14 @@ public StringValues HeaderHost
             }
             set
             {
-                _bits |= 0x4L;
+                if (!StringValues.IsNullOrEmpty(value))
+                {
+                    _bits |= 0x4L;
+                }
+                else
+                {
+                    _bits &= ~0x4L;
+                }
                 _headers._Host = value; 
             }
         }
@@ -261,7 +275,14 @@ public StringValues HeaderAuthority
             }
             set
             {
-                _bits |= 0x10L;
+                if (!StringValues.IsNullOrEmpty(value))
+                {
+                    _bits |= 0x10L;
+                }
+                else
+                {
+                    _bits &= ~0x10L;
+                }
                 _headers._Authority = value; 
             }
         }
@@ -278,7 +299,14 @@ public StringValues HeaderMethod
             }
             set
             {
-                _bits |= 0x20L;
+                if (!StringValues.IsNullOrEmpty(value))
+                {
+                    _bits |= 0x20L;
+                }
+                else
+                {
+                    _bits &= ~0x20L;
+                }
                 _headers._Method = value; 
             }
         }
@@ -295,7 +323,14 @@ public StringValues HeaderPath
             }
             set
             {
-                _bits |= 0x40L;
+                if (!StringValues.IsNullOrEmpty(value))
+                {
+                    _bits |= 0x40L;
+                }
+                else
+                {
+                    _bits &= ~0x40L;
+                }
                 _headers._Path = value; 
             }
         }
@@ -312,7 +347,14 @@ public StringValues HeaderScheme
             }
             set
             {
-                _bits |= 0x80L;
+                if (!StringValues.IsNullOrEmpty(value))
+                {
+                    _bits |= 0x80L;
+                }
+                else
+                {
+                    _bits &= ~0x80L;
+                }
                 _headers._Scheme = value; 
             }
         }
@@ -329,7 +371,14 @@ public StringValues HeaderTransferEncoding
             }
             set
             {
-                _bits |= 0x20000000000L;
+                if (!StringValues.IsNullOrEmpty(value))
+                {
+                    _bits |= 0x20000000000L;
+                }
+                else
+                {
+                    _bits &= ~0x20000000000L;
+                }
                 _headers._TransferEncoding = value; 
             }
         }
@@ -8234,7 +8283,14 @@ public override StringValues HeaderConnection
             }
             set
             {
-                _bits |= 0x1L;
+                if (!StringValues.IsNullOrEmpty(value))
+                {
+                    _bits |= 0x1L;
+                }
+                else
+                {
+                    _bits &= ~0x1L;
+                }
                 _headers._Connection = value; 
                 _headers._rawConnection = null;
             }
@@ -8252,7 +8308,14 @@ public StringValues HeaderAllow
             }
             set
             {
-                _bits |= 0x1000L;
+                if (!StringValues.IsNullOrEmpty(value))
+                {
+                    _bits |= 0x1000L;
+                }
+                else
+                {
+                    _bits &= ~0x1000L;
+                }
                 _headers._Allow = value; 
             }
         }
@@ -8269,7 +8332,14 @@ public StringValues HeaderAltSvc
             }
             set
             {
-                _bits |= 0x2000L;
+                if (!StringValues.IsNullOrEmpty(value))
+                {
+                    _bits |= 0x2000L;
+                }
+                else
+                {
+                    _bits &= ~0x2000L;
+                }
                 _headers._AltSvc = value; 
                 _headers._rawAltSvc = null;
             }
@@ -8287,7 +8357,14 @@ public StringValues HeaderTransferEncoding
             }
             set
             {
-                _bits |= 0x100000000L;
+                if (!StringValues.IsNullOrEmpty(value))
+                {
+                    _bits |= 0x100000000L;
+                }
+                else
+                {
+                    _bits &= ~0x100000000L;
+                }
                 _headers._TransferEncoding = value; 
                 _headers._rawTransferEncoding = null;
             }
diff --git a/src/Servers/Kestrel/Core/src/Internal/Http2/Http2Stream.cs b/src/Servers/Kestrel/Core/src/Internal/Http2/Http2Stream.cs
@@ -248,13 +248,14 @@ private bool TryValidatePseudoHeaders()
             // enabling the use of HTTP to interact with non - HTTP services.
             // A common example is TLS termination.
             var headerScheme = HttpRequestHeaders.HeaderScheme.ToString();
+            HttpRequestHeaders.HeaderScheme = default; // Suppress pseduo headers from the public headers collection.
             if (!ReferenceEquals(headerScheme, Scheme) &&
                 !string.Equals(headerScheme, Scheme, StringComparison.OrdinalIgnoreCase))
             {
                 if (!ServerOptions.AllowAlternateSchemes || !Uri.CheckSchemeName(headerScheme))
                 {
                     ResetAndAbort(new ConnectionAbortedException(
-                        CoreStrings.FormatHttp2StreamErrorSchemeMismatch(HttpRequestHeaders.HeaderScheme, Scheme)), Http2ErrorCode.PROTOCOL_ERROR);
+                        CoreStrings.FormatHttp2StreamErrorSchemeMismatch(headerScheme, Scheme)), Http2ErrorCode.PROTOCOL_ERROR);
                     return false;
                 }
 
@@ -264,6 +265,7 @@ private bool TryValidatePseudoHeaders()
             // :path (and query) - Required
             // Must start with / except may be * for OPTIONS
             var path = HttpRequestHeaders.HeaderPath.ToString();
+            HttpRequestHeaders.HeaderPath = default; // Suppress pseduo headers from the public headers collection.
             RawTarget = path;
 
             // OPTIONS - https://tools.ietf.org/html/rfc7540#section-8.1.2.3
@@ -301,6 +303,7 @@ private bool TryValidateMethod()
         {
             // :method
             _methodText = HttpRequestHeaders.HeaderMethod.ToString();
+            HttpRequestHeaders.HeaderMethod = default; // Suppress pseduo headers from the public headers collection.
             Method = HttpUtilities.GetKnownMethod(_methodText);
 
             if (Method == HttpMethod.None)
@@ -327,6 +330,7 @@ private bool TryValidateAuthorityAndHost(out string hostText)
             // Prefer this over Host
 
             var authority = HttpRequestHeaders.HeaderAuthority;
+            HttpRequestHeaders.HeaderAuthority = default; // Suppress pseduo headers from the public headers collection.
             var host = HttpRequestHeaders.HeaderHost;
             if (!StringValues.IsNullOrEmpty(authority))
             {
diff --git a/src/Servers/Kestrel/Core/src/Internal/Http3/Http3Stream.cs b/src/Servers/Kestrel/Core/src/Internal/Http3/Http3Stream.cs
@@ -787,12 +787,13 @@ private bool TryValidatePseudoHeaders()
             // proxy or gateway can translate requests for non - HTTP schemes,
             // enabling the use of HTTP to interact with non - HTTP services.
             var headerScheme = HttpRequestHeaders.HeaderScheme.ToString();
+            HttpRequestHeaders.HeaderScheme = default; // Suppress pseduo headers from the public headers collection.
             if (!ReferenceEquals(headerScheme, Scheme) &&
                 !string.Equals(headerScheme, Scheme, StringComparison.OrdinalIgnoreCase))
             {
                 if (!ServerOptions.AllowAlternateSchemes || !Uri.CheckSchemeName(headerScheme))
                 {
-                    var str = CoreStrings.FormatHttp3StreamErrorSchemeMismatch(RequestHeaders[HeaderNames.Scheme], Scheme);
+                    var str = CoreStrings.FormatHttp3StreamErrorSchemeMismatch(headerScheme, Scheme);
                     Abort(new ConnectionAbortedException(str), Http3ErrorCode.ProtocolError);
                     return false;
                 }
@@ -802,7 +803,8 @@ private bool TryValidatePseudoHeaders()
 
             // :path (and query) - Required
             // Must start with / except may be * for OPTIONS
-            var path = RequestHeaders[HeaderNames.Path].ToString();
+            var path = HttpRequestHeaders.HeaderPath.ToString();
+            HttpRequestHeaders.HeaderPath = default; // Suppress pseduo headers from the public headers collection.
             RawTarget = path;
 
             // OPTIONS - https://tools.ietf.org/html/rfc7540#section-8.1.2.3
@@ -840,7 +842,8 @@ private bool TryValidatePseudoHeaders()
         private bool TryValidateMethod()
         {
             // :method
-            _methodText = RequestHeaders[HeaderNames.Method].ToString();
+            _methodText = HttpRequestHeaders.HeaderMethod.ToString();
+            HttpRequestHeaders.HeaderMethod = default; // Suppress pseduo headers from the public headers collection.
             Method = HttpUtilities.GetKnownMethod(_methodText);
 
             if (Method == Http.HttpMethod.None)
@@ -866,7 +869,8 @@ private bool TryValidateAuthorityAndHost(out string hostText)
             // :authority (optional)
             // Prefer this over Host
 
-            var authority = RequestHeaders[HeaderNames.Authority];
+            var authority = HttpRequestHeaders.HeaderAuthority;
+            HttpRequestHeaders.HeaderAuthority = default; // Suppress pseduo headers from the public headers collection.
             var host = HttpRequestHeaders.HeaderHost;
             if (!StringValues.IsNullOrEmpty(authority))
             {
diff --git a/src/Servers/Kestrel/shared/KnownHeaders.cs b/src/Servers/Kestrel/shared/KnownHeaders.cs
@@ -843,7 +843,14 @@ internal partial class {loop.ClassName} : IHeaderDictionary
             }}
             set
             {{
-                {header.SetBit()};
+                if (!StringValues.IsNullOrEmpty(value))
+                {{
+                    {header.SetBit()};
+                }}
+                else
+                {{
+                    {header.ClearBit()};
+                }}
                 _headers._{header.Identifier} = value; {(header.EnhancedSetter == false ? "" : $@"
                 _headers._raw{header.Identifier} = null;")}
             }}")}
diff --git a/src/Servers/Kestrel/test/InMemory.FunctionalTests/Http2/Http2StreamTests.cs b/src/Servers/Kestrel/test/InMemory.FunctionalTests/Http2/Http2StreamTests.cs
@@ -432,6 +432,7 @@ public async Task HEADERS_Received_SchemeMismatchAllowed_Processed(string scheme
             await InitializeConnectionAsync(context =>
             {
                 Assert.Equal(scheme, context.Request.Scheme);
+                Assert.False(context.Request.Headers.ContainsKey(HeaderNames.Scheme));
                 return Task.CompletedTask;
             });
 
diff --git a/src/Servers/Kestrel/test/InMemory.FunctionalTests/Http2/Http2TestBase.cs b/src/Servers/Kestrel/test/InMemory.FunctionalTests/Http2/Http2TestBase.cs
@@ -136,6 +136,7 @@ protected static IEnumerable<KeyValuePair<string, string>> ReadRateRequestHeader
         protected readonly Dictionary<string, string> _receivedHeaders = new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);
         protected readonly Dictionary<string, string> _receivedTrailers = new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);
         protected readonly Dictionary<string, string> _decodedHeaders = new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);
+        protected readonly RequestFields _receivedRequestFields = new RequestFields();
         protected readonly HashSet<int> _abortedStreamIds = new HashSet<int>();
         protected readonly object _abortedStreamIdsLock = new object();
         protected readonly TaskCompletionSource _closingStateReached = new TaskCompletionSource(TaskCreationOptions.RunContinuationsAsynchronously);
@@ -195,6 +196,10 @@ public Http2TestBase()
 
             _readHeadersApplication = context =>
             {
+                _receivedRequestFields.Method = context.Request.Method;
+                _receivedRequestFields.Scheme = context.Request.Scheme;
+                _receivedRequestFields.Path = context.Request.Path.Value;
+                _receivedRequestFields.RawTarget = context.Features.Get<IHttpRequestFeature>().RawTarget;
                 foreach (var header in context.Request.Headers)
                 {
                     _receivedHeaders[header.Key] = header.Value.ToString();
@@ -217,6 +222,10 @@ public Http2TestBase()
                 Assert.True(context.Request.SupportsTrailers(), "SupportsTrailers");
                 Assert.True(context.Request.CheckTrailersAvailable(), "SupportsTrailers");
 
+                _receivedRequestFields.Method = context.Request.Method;
+                _receivedRequestFields.Scheme = context.Request.Scheme;
+                _receivedRequestFields.Path = context.Request.Path.Value;
+                _receivedRequestFields.RawTarget = context.Features.Get<IHttpRequestFeature>().RawTarget;
                 foreach (var header in context.Request.Headers)
                 {
                     _receivedHeaders[header.Key] = header.Value.ToString();
@@ -350,20 +359,23 @@ public Http2TestBase()
             _echoMethodNoBody = context =>
             {
                 Assert.False(context.Request.CanHaveBody());
+                Assert.False(context.Request.Headers.ContainsKey(HeaderNames.Method));
                 context.Response.Headers["Method"] = context.Request.Method;
 
                 return Task.CompletedTask;
             };
 
             _echoHost = context =>
             {
+                Assert.False(context.Request.Headers.ContainsKey(HeaderNames.Authority));
                 context.Response.Headers.Host = context.Request.Headers.Host;
 
                 return Task.CompletedTask;
             };
 
             _echoPath = context =>
             {
+                Assert.False(context.Request.Headers.ContainsKey(HeaderNames.Path));
                 context.Response.Headers["path"] = context.Request.Path.ToString();
                 context.Response.Headers["rawtarget"] = context.Features.Get<IHttpRequestFeature>().RawTarget;
 
@@ -1240,8 +1252,28 @@ protected void VerifyDecodedRequestHeaders(IEnumerable<KeyValuePair<string, stri
         {
             foreach (var header in expectedHeaders)
             {
-                Assert.True(_receivedHeaders.TryGetValue(header.Key, out var value), header.Key);
-                Assert.Equal(header.Value, value, ignoreCase: true);
+                if (header.Key == HeaderNames.Method)
+                {
+                    Assert.Equal(header.Value, _receivedRequestFields.Method);
+                }
+                else if (header.Key == HeaderNames.Authority)
+                {
+                    Assert.True(_receivedHeaders.TryGetValue(HeaderNames.Host, out var host), header.Key);
+                    Assert.Equal(header.Value, host);
+                }
+                else if (header.Key == HeaderNames.Scheme)
+                {
+                    Assert.Equal(header.Value, _receivedRequestFields.Scheme);
+                }
+                else if (header.Key == HeaderNames.Path)
+                {
+                    Assert.Equal(header.Value, _receivedRequestFields.RawTarget);
+                }
+                else
+                {
+                    Assert.True(_receivedHeaders.TryGetValue(header.Key, out var value), header.Key);
+                    Assert.Equal(header.Value, value, ignoreCase: true);
+                }
             }
         }
 
@@ -1390,5 +1422,13 @@ public long GetResponseDrainDeadline(long ticks, MinDataRate minRate)
                 return _realTimeoutControl.GetResponseDrainDeadline(ticks, minRate);
             }
         }
+
+        public class RequestFields
+        {
+            public string Method { get; set; }
+            public string Scheme { get; set; }
+            public string Path { get; set; }
+            public string RawTarget { get; set; }
+        }
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -227,7 +227,14 @@ public override StringValues HeaderConnection`
`227`	`227`	`}`
`228`	`228`	`set`
`229`	`229`	`{`
`230`		`- _bits \|= 0x2L;`
	`230`	`+ if (!StringValues.IsNullOrEmpty(value))`
	`231`	`+ {`
	`232`	`+ _bits \|= 0x2L;`
	`233`	`+ }`
	`234`	`+ else`
	`235`	`+ {`
	`236`	`+ _bits &= ~0x2L;`
	`237`	`+ }`
`231`	`238`	`_headers._Connection = value;`
`232`	`239`	`}`
`233`	`240`	`}`
`@@ -244,7 +251,14 @@ public StringValues HeaderHost`
`244`	`251`	`}`
`245`	`252`	`set`
`246`	`253`	`{`
`247`		`- _bits \|= 0x4L;`
	`254`	`+ if (!StringValues.IsNullOrEmpty(value))`
	`255`	`+ {`
	`256`	`+ _bits \|= 0x4L;`
	`257`	`+ }`
	`258`	`+ else`
	`259`	`+ {`
	`260`	`+ _bits &= ~0x4L;`
	`261`	`+ }`
`248`	`262`	`_headers._Host = value;`
`249`	`263`	`}`
`250`	`264`	`}`
`@@ -261,7 +275,14 @@ public StringValues HeaderAuthority`
`261`	`275`	`}`
`262`	`276`	`set`
`263`	`277`	`{`
`264`		`- _bits \|= 0x10L;`
	`278`	`+ if (!StringValues.IsNullOrEmpty(value))`
	`279`	`+ {`
	`280`	`+ _bits \|= 0x10L;`
	`281`	`+ }`
	`282`	`+ else`
	`283`	`+ {`
	`284`	`+ _bits &= ~0x10L;`
	`285`	`+ }`
`265`	`286`	`_headers._Authority = value;`
`266`	`287`	`}`
`267`	`288`	`}`
`@@ -278,7 +299,14 @@ public StringValues HeaderMethod`
`278`	`299`	`}`
`279`	`300`	`set`
`280`	`301`	`{`
`281`		`- _bits \|= 0x20L;`
	`302`	`+ if (!StringValues.IsNullOrEmpty(value))`
	`303`	`+ {`
	`304`	`+ _bits \|= 0x20L;`
	`305`	`+ }`
	`306`	`+ else`
	`307`	`+ {`
	`308`	`+ _bits &= ~0x20L;`
	`309`	`+ }`
`282`	`310`	`_headers._Method = value;`
`283`	`311`	`}`
`284`	`312`	`}`
`@@ -295,7 +323,14 @@ public StringValues HeaderPath`
`295`	`323`	`}`
`296`	`324`	`set`
`297`	`325`	`{`
`298`		`- _bits \|= 0x40L;`
	`326`	`+ if (!StringValues.IsNullOrEmpty(value))`
	`327`	`+ {`
	`328`	`+ _bits \|= 0x40L;`
	`329`	`+ }`
	`330`	`+ else`
	`331`	`+ {`
	`332`	`+ _bits &= ~0x40L;`
	`333`	`+ }`
`299`	`334`	`_headers._Path = value;`
`300`	`335`	`}`
`301`	`336`	`}`
`@@ -312,7 +347,14 @@ public StringValues HeaderScheme`
`312`	`347`	`}`
`313`	`348`	`set`
`314`	`349`	`{`
`315`		`- _bits \|= 0x80L;`
	`350`	`+ if (!StringValues.IsNullOrEmpty(value))`
	`351`	`+ {`
	`352`	`+ _bits \|= 0x80L;`
	`353`	`+ }`
	`354`	`+ else`
	`355`	`+ {`
	`356`	`+ _bits &= ~0x80L;`
	`357`	`+ }`
`316`	`358`	`_headers._Scheme = value;`
`317`	`359`	`}`
`318`	`360`	`}`
`@@ -329,7 +371,14 @@ public StringValues HeaderTransferEncoding`
`329`	`371`	`}`
`330`	`372`	`set`
`331`	`373`	`{`
`332`		`- _bits \|= 0x20000000000L;`
	`374`	`+ if (!StringValues.IsNullOrEmpty(value))`
	`375`	`+ {`
	`376`	`+ _bits \|= 0x20000000000L;`
	`377`	`+ }`
	`378`	`+ else`
	`379`	`+ {`
	`380`	`+ _bits &= ~0x20000000000L;`
	`381`	`+ }`
`333`	`382`	`_headers._TransferEncoding = value;`
`334`	`383`	`}`
`335`	`384`	`}`
`@@ -8234,7 +8283,14 @@ public override StringValues HeaderConnection`
`8234`	`8283`	`}`
`8235`	`8284`	`set`
`8236`	`8285`	`{`
`8237`		`- _bits \|= 0x1L;`
	`8286`	`+ if (!StringValues.IsNullOrEmpty(value))`
	`8287`	`+ {`
	`8288`	`+ _bits \|= 0x1L;`
	`8289`	`+ }`
	`8290`	`+ else`
	`8291`	`+ {`
	`8292`	`+ _bits &= ~0x1L;`
	`8293`	`+ }`
`8238`	`8294`	`_headers._Connection = value;`
`8239`	`8295`	`_headers._rawConnection = null;`
`8240`	`8296`	`}`
`@@ -8252,7 +8308,14 @@ public StringValues HeaderAllow`
`8252`	`8308`	`}`
`8253`	`8309`	`set`
`8254`	`8310`	`{`
`8255`		`- _bits \|= 0x1000L;`
	`8311`	`+ if (!StringValues.IsNullOrEmpty(value))`
	`8312`	`+ {`
	`8313`	`+ _bits \|= 0x1000L;`
	`8314`	`+ }`
	`8315`	`+ else`
	`8316`	`+ {`
	`8317`	`+ _bits &= ~0x1000L;`
	`8318`	`+ }`
`8256`	`8319`	`_headers._Allow = value;`
`8257`	`8320`	`}`
`8258`	`8321`	`}`
`@@ -8269,7 +8332,14 @@ public StringValues HeaderAltSvc`
`8269`	`8332`	`}`
`8270`	`8333`	`set`
`8271`	`8334`	`{`
`8272`		`- _bits \|= 0x2000L;`
	`8335`	`+ if (!StringValues.IsNullOrEmpty(value))`
	`8336`	`+ {`
	`8337`	`+ _bits \|= 0x2000L;`
	`8338`	`+ }`
	`8339`	`+ else`
	`8340`	`+ {`
	`8341`	`+ _bits &= ~0x2000L;`
	`8342`	`+ }`
`8273`	`8343`	`_headers._AltSvc = value;`
`8274`	`8344`	`_headers._rawAltSvc = null;`
`8275`	`8345`	`}`
`@@ -8287,7 +8357,14 @@ public StringValues HeaderTransferEncoding`
`8287`	`8357`	`}`
`8288`	`8358`	`set`
`8289`	`8359`	`{`
`8290`		`- _bits \|= 0x100000000L;`
	`8360`	`+ if (!StringValues.IsNullOrEmpty(value))`
	`8361`	`+ {`
	`8362`	`+ _bits \|= 0x100000000L;`
	`8363`	`+ }`
	`8364`	`+ else`
	`8365`	`+ {`
	`8366`	`+ _bits &= ~0x100000000L;`
	`8367`	`+ }`
`8291`	`8368`	`_headers._TransferEncoding = value;`
`8292`	`8369`	`_headers._rawTransferEncoding = null;`
`8293`	`8370`	`}`
Original file line number	Diff line number	Diff line change
`@@ -432,6 +432,7 @@ public async Task HEADERS_Received_SchemeMismatchAllowed_Processed(string scheme`
`432`	`432`	`await InitializeConnectionAsync(context =>`
`433`	`433`	`{`
`434`	`434`	`Assert.Equal(scheme, context.Request.Scheme);`
	`435`	`+ Assert.False(context.Request.Headers.ContainsKey(HeaderNames.Scheme));`
`435`	`436`	`return Task.CompletedTask;`
`436`	`437`	`});`
`437`	`438`