#http-parser #safe #strict #http-1 #slow #security

safehttp

A slow (but simple, safe and strict) HTTP/1.1 parser

2 unstable releases

Uses old Rust 2015

0.2.0 May 24, 2024
0.1.0 May 19, 2024

#614 in HTTP server

MIT/Apache

66KB
1.5K SLoC

safehttp

A slow (but simple, safe and strict) HTTP/1.1 parser for Rust.

Unlike some others HTTP parsers for Rust, this library focuses on security and not on performance. Most of us don’t need high-performance sub-microsecond SIMD-enabled event-driven zero-copy HTTP parsing. We all know HTTP parser vulnerabilities do exist. This crate does not use any unsafe code.

Please review this code before using it. Feedbacks and other contributions are highly appreciated.

Package on crates.ioCrates.io Version

API Docs docs.rs

Usage

This parser uses the (de-facto standard) types in the http crate.

[TODO]

RFC 7230 compliance

For the sake of simplicity, this parser does not support optional and seldomly used HTTP features like chunk trailers, chunk extensions or exotic transfer encodings (other than chunked).

This parser is as strict as possible: things like non standard line endings (i.e. not CRLF) are rejected.

However, this parser aims to be entirely compliant to the specification and should work without any trouble with most user agents.

Fuzzing

TODO

Automated testing

TODO

HTTP/2 and HTTP/3 support

HTTP/2 is currently not supported but could be added in the future. I’m not actually against HTTP/2 but it is currently not as widely supported as HTTP/1.1 and for a server, most clients will send HTTP/1.1 requests before upgrading. So HTTP/1.1 parsing is required in anyway.

HTTP/3 seems to be widly different than HTTP/2 and HTTP/1, so it’s probably better to support it in a different library.

License

safehttp is primarily distributed under the terms of both the MIT license and the Apache License (Version 2.0). See LICENSE-APACHE and LICENSE-MIT for details.

Possible improvements

  • Write more tests. There are tests but more is always better.

  • It could be worth rewriting the parser with nom. The current implementation of the lookahead isn’t particularly beautiful, however this would add a dependency...

Dependencies

~615KB
~10K SLoC