mirrors/bun.sh
1
0
Fork 0
mirror of https://github.com/oven-sh/bun synced 2026-03-08 08:19:37 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
668d960f1ab205fd795097e871a322d4ece520d3
bun.sh/test
History
robobun 668d960f1a fix(http): preserve bytes >= 0x80 in HTTP header values (#27269) 
## Summary
- Fix signed `char` comparison bug in uWS `HttpParser.h` that caused
bytes >= 0x80 to be stripped from HTTP header values on platforms where
`char` is signed (x86_64 Linux, x86_64 macOS, ARM macOS)
- Replace `< 33` comparison with explicit checks for SP and HTAB per RFC
9110 Section 5.5
- This also fixes a potential request smuggling vector where
`Transfer-Encoding: \xffchunked\xff` would be interpreted as
`Transfer-Encoding: chunked`

Closes #8893

## Root Cause
In `packages/bun-uws/src/HttpParser.h`, the `getHeaders` function
trimmed whitespace from header values using:
```cpp
while (headers->value.back() < 33) { ... }
```
`std::string_view::back()` returns `char`, which is **signed** on
x86_64. Bytes 0x80-0xFF are negative values (-128 to -1), all less than
33, so they were incorrectly stripped as whitespace.

## Fix
Replace the numeric comparison with explicit OWS character checks:
```cpp
while (headers->value.back() == ' ' || headers->value.back() == '\t') { ... }
```
This matches RFC 9110 Section 5.5 which defines OWS (Optional White
Space) as only SP and HTAB.

## Test plan
- [x] Added regression test `test/regression/issue/08893.test.ts` that
sends raw HTTP requests with 0xFF bytes in header values and verifies
they are preserved
- [x] Added test that SP/HTAB trimming still works correctly
- [x] `bun bd test test/regression/issue/08893.test.ts` passes (2/2
tests)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

---------

Co-authored-by: Claude Bot <claude-bot@bun.sh>
Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Jarred Sumner <jarred@jarredsumner.com>
2026-03-01 00:08:02 -08:00
..
_util
bug(ENG-21479): Fix Valkey URL Parsing (#24458)
2025-11-07 21:18:07 -08:00
bake
fix(bundler): set is_export_star_target in dev server mode (#27524)
2026-02-27 22:10:22 -08:00
bundler
fix(test): use API backend for target=node bundler tests to fix flaky timeout (#27657)
2026-02-28 21:49:38 -08:00
cli
fix(install): resolve transitive peer deps when resolution is fully synchronous (#27545)
2026-02-28 22:46:14 -08:00
config/bunfig
docker
refactor(test): use container-based postgres_tls for TLS SQL tests (#26518)
2026-01-27 23:32:39 -08:00
exports
fixtures/glob
integration
Windows arm64 CI (#26746)
2026-02-18 18:08:10 -08:00
internal
fix(node:vm): propagate async context tracking flag to NodeVMGlobalObject (#26542)
2026-01-28 21:40:55 -08:00
js
fix(fs): harden path length validation for multi-byte UTF-8 strings (#27495)
2026-02-28 23:37:43 -08:00
napi
Windows arm64 CI (#26746)
2026-02-18 18:08:10 -08:00
regression
fix(http): preserve bytes >= 0x80 in HTTP header values (#27269)
2026-03-01 00:08:02 -08:00
runners
scripts
snapshots
snippets
v8
fix: v8::Value::IsInt32()/IsUint32() edge cases (#25548)
2025-12-17 00:52:16 -08:00
.prettierignore
AGENTS.md
bun.lock
Upgrade WebKit to f03492d0636f (#26922)
2026-02-23 01:28:37 -08:00
bunfig.toml
CLAUDE.md
Update CLAUDE.md
2026-01-18 14:07:30 -08:00
expectations.txt
Windows arm64 CI (#26746)
2026-02-18 18:08:10 -08:00
harness.ts
Speed up some more tests (#25892)
2026-01-07 23:39:10 -08:00
http-test-server.ts
leaksan.supp
mkfifo.ts
no-validate-exceptions.txt
fix: Proxy-wrapped arrays causing null deref crashes in isArray+jsCast paths (#27529)
2026-02-27 22:13:05 -08:00
no-validate-leaksan.txt
Update no-validate-leaksan.txt
2026-02-28 20:52:43 -08:00
package-json-lint.test.ts
feat: support Svelte in bundler and dev server (#17735)
2025-03-04 14:16:18 -08:00
package.json
Upgrade WebKit to f03492d0636f (#26922)
2026-02-23 01:28:37 -08:00
preload.ts
all: update to debian 13 (#24055) [publish images]
2025-11-28 15:01:40 -08:00
README.md
tsconfig.json
unix-domain-socket-proxy.ts
vendor.json
Revert "deps: update elysia to 1.4.13" (#24133)
2025-10-27 12:49:41 -07:00

README.md

Tests

Finding tests

Tests are located in the test/ directory and are organized using the following structure:

  • test/
    • js/ - tests for JavaScript APIs.
    • cli/ - tests for commands, configs, and stdout.
    • bundler/ - tests for the transpiler/bundler.
    • regression/ - tests that reproduce a specific issue.
    • harness.ts - utility functions that can be imported from any test.

The tests in test/js/ directory are further categorized by the type of API.

  • test/js/
    • bun/ - tests for Bun-specific APIs.
    • node/ - tests for Node.js APIs.
    • web/ - tests for Web APIs, like fetch().
    • first_party/ - tests for npm packages that are built-in, like undici.
    • third_party/ - tests for npm packages that are not built-in, but are popular, like esbuild.

Running tests

To run a test, use Bun's built-in test command: bun test.

bun test # Run all tests
bun test js/bun # Only run tests in a directory
bun test sqlite.test.ts # Only run a specific test

If you encounter lots of errors, try running bun install, then trying again.

Writing tests

Tests are written in TypeScript (preferred) or JavaScript using Jest's describe(), test(), and expect() APIs.

import { describe, test, expect } from "bun:test";
import { gcTick } from "harness";

describe("TextEncoder", () => {
  test("can encode a string", async () => {
    const encoder = new TextEncoder();
    const actual = encoder.encode("bun");
    await gcTick();
    expect(actual).toBe(new Uint8Array([0x62, 0x75, 0x6E]));
  });
});

If you are fixing a bug that was reported from a GitHub issue, remember to add a test in the test/regression/ directory.

// test/regression/issue/02005.test.ts

import { it, expect } from "bun:test";

it("regex literal should work with non-latin1", () => {
  const text = "这是一段要替换的文字";
  expect(text.replace(new RegExp("要替换"), "")).toBe("这是一段的文字");
  expect(text.replace(/要替换/, "")).toBe("这是一段的文字");
});

In the future, a bot will automatically close or re-open issues when a regression is detected or resolved.

Zig tests

These tests live in various .zig files throughout Bun's codebase, leveraging Zig's builtin test keyword.

Currently, they're not run automatically nor is there a simple way to run all of them. We will make this better soon.

TypeScript

Test files should be written in TypeScript. The types in packages/bun-types should be updated to support all new APIs. Changes to the .d.ts files in packages/bun-types will be immediately reflected in test files; no build step is necessary.

Writing a test will often require using invalid syntax, e.g. when checking for errors when an invalid input is passed to a function. TypeScript provides a number of escape hatches here.

  • // @ts-expect-error - This should be your first choice. It tells TypeScript that the next line should fail typechecking.
  • // @ts-ignore - Ignore the next line entirely.
  • // @ts-nocheck - Put this at the top of the file to disable typechecking on the entire file. Useful for autogenerated test files, or when ignoring/disabling type checks an a per-line basis is too onerous.
Reference in New Issue View Git Blame Copy Permalink