add lenitent-host-header test

Author: Vizonex

src/llhttp/http.ts

@@ -551,12 +551,12 @@ export class HTTP {
   }
 
   private buildHostCheck(next: Node): Node {
-    // Check if the lentient flag given is not set to HOST_HEADER
+    // Check if the lentient flag given is set to HOST_HEADER
     // This will reject repetative versions of the host header
     const p = this.llparse;
     return this.testLenientFlags(
-      ~LENIENT_FLAGS.HOST_HEADER, 
-      {1: next}, 
+      LENIENT_FLAGS.HOST_HEADER, 
+      {1: next},
       this.testFlags(
         FLAGS.HOST_SEEN,
         {1: p.error(ERROR.HOST_PREVIOUSLY_SEEN, "host provided multiple times.")}, 
@@ -1189,7 +1189,7 @@ export class HTTP {
     // before leaving header state if Host is not set to being 
     // relaxed see if no host has been provided at all...
     return this.testLenientFlags(
-      ~LENIENT_FLAGS.HOST_HEADER,
+      LENIENT_FLAGS.HOST_HEADER,
       {1:this.testFlags(
         FLAGS.HOST_SEEN, 
         {1: beforeHeadersComplete}, 

test/fixtures/extra.c

@@ -201,7 +201,7 @@ void llhttp__test_init_response_lenient_header_value_relaxed(llparse_t* s) {
   s->lenient_flags |= LENIENT_HEADER_VALUE_RELAXED;
 }
 
-void llhttp__test_init_request_lenient_host_header_relaxed(llparse_t* s) {
+void llhttp__test_init_request_lenient_host_header(llparse_t* s) {
   llhttp__test_init_request(s);
   s->lenient_flags |= LENIENT_HOST_HEADER;
 }

test/fixtures/index.ts

@@ -24,6 +24,7 @@ export type TestType = 'request' | 'response' | 'request-finish' | 'response-fin
   'request-lenient-optional-crlf-after-chunk' | 'response-lenient-optional-crlf-after-chunk' |
   'request-lenient-spaces-after-chunk-size' | 'response-lenient-spaces-after-chunk-size' |
   'request-lenient-header-value-relaxed' | 'response-lenient-header-value-relaxed' |
+  'request-lenient-host-header' |
   'none' | 'url';
 
 export const allowedTypes: TestType[] = [
@@ -53,6 +54,7 @@ export const allowedTypes: TestType[] = [
   'response-lenient-spaces-after-chunk-size',
   'request-lenient-header-value-relaxed',
   'response-lenient-header-value-relaxed',
+  'request-lenient-host-header'
 ];
 
 const BUILD_DIR = path.join(__dirname, '..', 'tmp');

test/md-test.ts

@@ -227,9 +227,11 @@ function run(name: string): void {
   }
 }
 
+
 run('request/sample');
 run('request/lenient-headers');
 run('request/lenient-header-value-relaxed');
+run('request/lenient-host-header');
 run('request/lenient-version');
 run('request/method');
 run('request/uri');

test/request/lenient-host-header.md

@@ -0,0 +1,64 @@
+Relaxed host header
+===================
+
+Relaxed host header mode: accepts multiple host headers
+this is meant to stop redirection or injection attacks 
+and other unusual behaviors.
+
+## multiple host headers (relaxed)
+When HOST_HEADER is not set, it should allow multiple hosts to be set.
+
+<!-- meta={"type": "request"} -->
+
+```http
+GET / HTTP/1.1
+host: www.python.org
+host: llhttp.org
+
+
+```
+```log
+off=0 message begin
+off=0 len=3 span[method]="GET"
+off=3 method complete
+off=4 len=4 span[url]="/url"
+off=9 url complete
+off=9 len=4 span[protocol]="HTTP"
+off=13 protocol complete
+off=14 len=3 span[version]="1.1"
+off=17 version complete
+off=19 len=4 span[header_field] = "host"
+off=24 len=10 span[header_value] = "www.python.org"
+off=35 len=4 span[header_field] = "host"
+off=40 len=10 span[header_field] = "llhttp.org"
+```
+
+
+## Invalid Hosts (strict)
+
+HOST_HEADER if enabled this will not allow multiple headers to be set.
+
+<!-- meta={"type": "request-lenient-host-header"} -->
+
+```http
+GET /url HTTP/1.1
+host: www.python.org
+host: llhttp.org
+
+
+```
+
+```log
+off=0 message begin
+off=0 len=3 span[method]="GET"
+off=3 method complete
+off=4 len=4 span[url]="/url"
+off=9 url complete
+off=9 len=4 span[protocol]="HTTP"
+off=13 protocol complete
+off=14 len=3 span[version]="1.1"
+off=17 version complete
+off=19 len=4 span[header_field] = "host"
+off=24 len=10 span[header_value] = "www.python.org"
+off=19 len=4 error code=40
+```