Add Swerver target (Zig HTTP/1.1+2+3 server)

[justinGrosvenor]

Adds a probe target for swerver — a high-performance HTTP/1.1 + HTTP/2 + HTTP/3 server and API gateway written in Zig 0.16 (single-threaded event loop per process — kqueue/epoll/io_uring — with a SO_REUSEPORT fork model).

What's here

src/Servers/SwerverServer/ follows the existing target layout:

• Dockerfile — multi-stage, self-contained: clones swerver main, builds a small probe app against it with zig build (ReleaseFast), runs it on :8080 in a slim runtime image. Build context is the repo root, matching the other targets.
• probe.json — {"name": "Swerver", "language": "Zig"}
• main.zig — the probe app: GET / → OK, POST / echoes the body, /echo dumps request headers, /cookie parses the Cookie header. Static files served from /app/docroot.
• config.json, build.zig, build.zig.zon, docroot/

Local result

Built and probed the container exactly as probe-local.sh does (docker build … && docker run --network host && probe):

Score: 160/161 (1 failed, 10 warnings)  54 unscored  (215 tests)

Adding swerver to the probe surfaced two genuine HTTP/1.1 conformance gaps, both now fixed upstream on swerver main (so this target builds clean against them):

• Transfer-Encoding + Content-Length conflict (RFC 9112 §6.1 smuggling vector) — now rejected with 400 and connection close instead of silently dropping Content-Length.
• Oversized request method — now caught early with 400 before the header-size limit trips a 431.

Happy to adjust naming, layout, or the handler contract to match your conventions.

[sonarqubecloud]

Quality Gate passed

Issues
1 New issue
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[github-actions]

Http11Probe — Compliance Comparison

Server	Score
Swerver	160/161	████████████████████ 99%

✅ Baseline Passed

Compliance

Test	Expected	Swerver
BASELINE	2xx	✅200
BARE-LF-REQUEST-LINE	400 or close (pass), 2xx (warn)	✅400
BARE-LF-HEADER	400 or close (pass), 2xx (warn)	✅400
OBS-FOLD	400	✅400
SP-BEFORE-COLON	400	✅400
MULTI-SP-REQUEST-LINE	400 or 2xx; close/timeout = warn	✅400
MISSING-HOST	400	✅400
INVALID-VERSION	400/505, close, or timeout = warn	✅400
EMPTY-HEADER-NAME	400 or close	✅400
CR-ONLY-LINE-ENDING	400, close, or timeout = warn	✅400
MISSING-TARGET	400, close, or timeout = warn	✅400
FRAGMENT-IN-TARGET	400 or 2xx; 404 = warn	⚠️404
HTTP09-REQUEST	400/close/timeout	✅TimedOut
INVALID-HEADER-NAME	400 or close	✅400
HEADER-NO-COLON	400 or close	✅400
DUPLICATE-HOST	400	✅400
CL-NON-NUMERIC	400 or close	✅400
CL-PLUS-SIGN	400 or close	✅400
WHITESPACE-BEFORE-HEADERS	400 or close	✅400
DUPLICATE-HOST-SAME	400	✅400
HOST-WITH-USERINFO	400 or close	✅400
HOST-WITH-PATH	400 or close	✅400
ASTERISK-WITH-GET	400, close, or timeout = warn	✅400
OPTIONS-STAR	2xx or 405; close/timeout = warn	✅200
UNKNOWN-TE-501	400/501 or close	✅400
LEADING-CRLF	400 or 2xx; close/timeout = warn	✅400
ABSOLUTE-FORM	2xx preferred; 400/close/timeout = warn	✅200
METHOD-CASE	400/405/501 or 2xx; close/timeout = warn	✅405
POST-CL-BODY	2xx + echo	✅200
POST-CL-ZERO	2xx or close	✅200
POST-NO-CL-NO-TE	2xx or close	✅200
POST-CL-UNDERSEND	400/close/timeout	✅TimedOut
CHUNKED-BODY	2xx + echo	✅200
CHUNKED-MULTI	2xx + echo	✅200
CHUNKED-EMPTY	2xx or close	✅200
CHUNKED-NO-FINAL	400/close/timeout	✅TimedOut
METHOD-CONNECT	400/405/501 or close	✅501
EXPECT-UNKNOWN	417 or 2xx	✅417
GET-WITH-CL-BODY	400 or 2xx	⚠️200
CHUNKED-EXTENSION	2xx preferred; 400 warns	✅200
METHOD-TRACE	405/501 or 2xx	✅405
HOST-EMPTY-VALUE	400 or close	✅400
REQUEST-LINE-TAB	400 or 2xx; close/timeout = warn	✅400
VERSION-MISSING-MINOR	400, close, or timeout = warn	✅400
VERSION-LEADING-ZEROS	400, close, or timeout = warn	✅400
VERSION-WHITESPACE	400, close, or timeout = warn	✅400
CONNECTION-CLOSE	2xx + close	✅200
HTTP10-DEFAULT-CLOSE	2xx + close	✅200
HTTP10-NO-HOST	200 or 400	⚠️200
HTTP12-VERSION	200 or 505	❌400
TRACE-WITH-BODY	400/405 or 200	✅405
CHUNKED-TRAILER-VALID	2xx + echo	✅200
CHUNKED-HEX-UPPERCASE	2xx + echo	✅200
RANGE-POST	2xx (Range ignored)	✅200
HEAD-NO-BODY	2xx with no body	✅200
UNKNOWN-METHOD	501/405/400 or close	✅405
405-ALLOW	405 + Allow header	✅405
DATE-HEADER	2xx with Date header	✅200
DATE-FORMAT	IMF-fixdate format	✅200
NO-1XX-HTTP10	non-1xx response	✅200
NO-CL-IN-204	204 without CL, or 405	✅405
OPTIONS-ALLOW	2xx with Allow header, or 405	✅405
CONTENT-TYPE	2xx with Content-Type	✅200
VERSION-CASE	400, close, or timeout = warn	✅400
LONG-URL-OK	not 414; close/timeout = warn	✅404
SPACE-IN-TARGET	400, close, or timeout = warn	✅400
DUPLICATE-CT	400 or 2xx	⚠️200
TRACE-SENSITIVE	405/501, or 200 without Auth	✅405
RANGE-INVALID	200 or 416	✅200
ACCEPT-NONSENSE	406 or 2xx	⚠️200
POST-UNSUPPORTED-CT	415 or 2xx	✅200

Smuggling

Test	Expected	Swerver
CL-TE-BOTH	400 or 2xx	✅400
DUPLICATE-CL	400 or close	✅400
CL-LEADING-ZEROS	400 or 2xx	✅400
TE-XCHUNKED	400/501 or close	✅400
TE-TRAILING-SPACE	400/501 or 2xx+close	✅400
TE-SP-BEFORE-COLON	400 or close	✅400
CL-NEGATIVE	400 or close	✅400
CLTE-PIPELINE	400 or close preferred; 2xx acceptable	✅400
TECL-PIPELINE	400 or close preferred; 2xx acceptable	✅400
CL-TRAILING-SPACE	400 or 2xx	⚠️200
TE-DOUBLE-CHUNKED	400 or 2xx	✅400
CL-EXTRA-LEADING-SP	400 or 2xx	⚠️200
TE-CASE-MISMATCH	400 or 2xx	✅400
CL-COMMA-DIFFERENT	400 or close	✅400
TE-NOT-FINAL-CHUNKED	400 or close	✅400
TE-HTTP10	400 or close	✅400
CHUNK-BARE-SEMICOLON	400 or close	✅400
CHUNK-EXT-INVALID-TOKEN	400 or close	✅400
BARE-CR-HEADER-VALUE	400 or close	✅400
CL-OCTAL	400 or close	✅400
CHUNK-UNDERSCORE	400 or close	✅400
TE-EMPTY-VALUE	400 or close	✅400
TE-LEADING-COMMA	400 or 2xx	✅400
TE-DUPLICATE-HEADERS	400 or close	✅400
CHUNK-HEX-PREFIX	400 or close	✅400
CHUNK-SIZE-PLUS	400 or close	✅400
CHUNK-SIZE-TRAILING-OWS	400 or close	✅400
CL-HEX-PREFIX	400 or close	✅400
CL-INTERNAL-SPACE	400 or close	✅400
CHUNK-LEADING-SP	400 or close	✅400
CHUNK-MISSING-TRAILING-CRLF	400 or close	✅400
CHUNK-EXT-LF	400 or 2xx	✅400
CHUNK-SPILL	400 or close	✅400
CHUNK-LF-TERM	400 or 2xx	✅400
CHUNK-EXT-CTRL	400 or close	✅400
CHUNK-EXT-CR	400 or close	✅400
TE-VTAB	400 or close	✅400
TE-FORMFEED	400 or close	✅400
TE-NULL	400 or close	✅400
CHUNK-LF-TRAILER	400 or 2xx	✅400
TE-IDENTITY	400/501 or close	✅400
CHUNK-NEGATIVE	400 or close	✅400
TRANSFER_ENCODING	400 or 2xx	⚠️200
CL-COMMA-SAME	400 or 2xx	✅400
CL-COMMA-TRIPLE	400 or 2xx	✅400
CHUNKED-WITH-PARAMS	400 or 2xx	✅400
EXPECT-100-CL	100, 400 or 2xx	⚠️200
TRAILER-CL	400 or 2xx	⚠️200
TRAILER-TE	400 or 2xx	⚠️200
TRAILER-HOST	400 or 2xx	⚠️200
TRAILER-AUTH	400 or 2xx	⚠️200
HEAD-CL-BODY	400 or 2xx	⚠️200
OPTIONS-CL-BODY	400/405 or 2xx	✅405
CL-UNDERSCORE	400 or close	✅400
CL-NEGATIVE-ZERO	400 or close	✅400
CL-DOUBLE-ZERO	400 or 2xx	✅400
CL-LEADING-ZEROS-OCTAL	400 or 2xx	✅400
TE-OBS-FOLD	400 or 2xx+close	✅400
TE-TRAILING-COMMA	400 or 2xx	✅400
TE-TAB-BEFORE-VALUE	400 or 2xx	✅400
ABSOLUTE-URI-HOST-MISMATCH	400 or 2xx	⚠️200
MULTIPLE-HOST-COMMA	400 or close	✅400
CHUNK-BARE-CR-TERM	400 or close	✅400
TRAILER-CONTENT-TYPE	400 or 2xx	⚠️200
CLTE-CONN-CLOSE	400, or 2xx + close	✅400
TECL-CONN-CLOSE	400, or 2xx + close	✅400
CLTE-DESYNC	400, or close	✅400
CLTE-SMUGGLED-GET	400, or close (no extra response)	✅400
CLTE-SMUGGLED-GET-CL-PLUS	400, or close (no extra response)	✅400
CLTE-SMUGGLED-GET-CL-NON-NUMERIC	400, or close (no extra response)	✅400
CLTE-SMUGGLED-GET-TE-OBS-FOLD	400, or close (no extra response)	✅400
CLTE-SMUGGLED-HEAD	400, or close (no extra response)	✅400
CLTE-SMUGGLED-GET-TE-TRAILING-SPACE	400, or close (no extra response)	✅400
CLTE-SMUGGLED-GET-TE-LEADING-COMMA	400, or close (no extra response)	✅400
CLTE-SMUGGLED-GET-TE-CASE-MISMATCH	400, or close (no extra response)	✅400
TE-DUPLICATE-HEADERS-SMUGGLED-GET	400, or close (no extra response)	✅400
TECL-SMUGGLED-GET	400, or close (no extra response)	✅400
DUPLICATE-CL-SMUGGLED-GET	400, or close (no extra response)	✅400
GET-CL-PREFIX-DESYNC	400/close preferred; extra response on step 2 = warn	✅400
TECL-DESYNC	400, or close	✅400
CL0-BODY-POISON	400/close preferred; poisoned follow-up = warn	⚠️405
GET-CL-BODY-DESYNC	400/close/pass-through; poisoned follow-up = warn	✅200
OPTIONS-CL-BODY-DESYNC	400/close/pass-through; poisoned follow-up = warn	✅200
EXPECT-100-CL-DESYNC	417/400/close preferred; poisoned follow-up = warn	✅200
OPTIONS-TE-OBS-FOLD	400, or 2xx + close	✅400
CHUNK-INVALID-SIZE-DESYNC	400, or close	✅400
PIPELINE-SAFE	2xx + 2xx	✅200

Malformed Input

Test	Expected	Swerver
BINARY-GARBAGE	400/close/timeout	✅400
LONG-URL	400/414/431 or close	✅431
LONG-HEADER-VALUE	400/431 or close	✅431
MANY-HEADERS	400/431 or close	✅431
NUL-IN-URL	400 or close	✅400
CONTROL-CHARS-HEADER	400 or close	✅400
INCOMPLETE-REQUEST	400/close/timeout	✅TimedOut
EMPTY-REQUEST	400/close/timeout	✅TimedOut
LONG-HEADER-NAME	400/431 or close	✅431
LONG-METHOD	400 or close	✅400
NON-ASCII-HEADER-NAME	400 or close	✅400
NON-ASCII-URL	400 or close	✅400
CL-OVERFLOW	400 or close	✅400
WHITESPACE-ONLY-LINE	400/close/timeout	✅400
NUL-IN-HEADER-VALUE	400 or close	✅400
CHUNK-SIZE-OVERFLOW	400 or close	✅400
H2-PREFACE	400/505/close/timeout	✅TimedOut
CL-EMPTY	400 or close	✅400
CL-TAB-BEFORE-VALUE	400 or 2xx	⚠️200
URL-BACKSLASH	400 or 2xx/404	⚠️404
URL-OVERLONG-UTF8	400 or close	✅400
URL-PERCENT-NULL	400 or 2xx/404	✅400
URL-PERCENT-CRLF	400 or 2xx/404	⚠️404
CHUNK-EXT-64K	400 or 2xx	❌413
RANGE-OVERLAPPING	200/206/400/416	⚠️200
POST-CL-HUGE-NO-BODY	400/413/close/timeout	✅413

Header Normalization

Test	Expected	Swerver
UNDERSCORE-CL	Reject/drop (pass), normalize (fail), preserve (warn)	⚠️200
SP-BEFORE-COLON-CL	Reject/drop (pass), normalize (fail), preserve (warn)	✅400
TAB-IN-NAME	Reject/drop (pass), normalize (fail), preserve (warn)	✅400
CASE-TE	Reject/drop (pass), normalize casing (fail), preserve (warn)	✅400
UNDERSCORE-TE	Reject/drop (pass), normalize (fail), preserve (warn)	⚠️200

_{Commit: 6e3ccbe}