Add tests for untested HTTP methods and request/response getters (#362)

* Add tests for untested HTTP methods and request/response getters

- Add HEAD, OPTIONS, TRACE method handlers to complete_test_resource
- Add integration tests for HEAD, OPTIONS, TRACE HTTP methods
- Add request_info_resource and test for get_requestor(), get_requestor_port(), get_version()
- Add content_limit_suite to test content_too_large() with content_size_limit
- Add unregister_then_404 test for webserver::unregister_resource()
- Create http_response unit test file with tests for response code, headers, footers, and cookies

These tests increase coverage for previously untested code paths in
webserver.cpp, http_request.cpp, and http_response.cpp.

* Add additional coverage tests for networking and TLS features

- Add IPv6 and dual-stack webserver tests
- Add HTTPS webserver and TLS session getter tests with graceful failure handling
- Add bind_address_ipv4 test with runtime URL building
- Add shoutcast response test for MHD_ICY_FLAG verification
- Add string_response constructor tests
- Remove CONNECT method test (incompatible with curl's tunneling semantics)

Coverage improved from ~90% to 91.8% lines, 93.3% functions.

* Add print-summary to gcovr for coverage debugging

Add --print-summary flag to gcovr command in CI to help diagnose
the discrepancy between local coverage (91.8%) and Codecov (64.53%).

* Filter gcovr to src/ directory only

The coverage report was including 15,781 lines from system headers and
dependencies instead of just the ~1,500 lines of libhttpserver source.
Use --filter to restrict coverage to src/ directory only.

* Add coverage tests for footers, PSK handlers, and ban/allow weights

- Add footer/trailer tests for http_request and http_response
- Add PSK handler configuration tests (setup, empty handler, no handler)
- Add ban/allow IP weight comparison tests for specific-then-wildcard case
- Add auth skip path tests for root path and wildcards
- Add IPv6 parsing edge case tests (too many parts, wildcards, nested)
- Add http_endpoint invalid regex pattern test
- Add custom error handler tests (not_found, method_not_allowed)
- Add request info caching tests

Branch coverage: 60.4% -> 64.2% (+65 branches)
Line coverage: 91.8% -> 94.9%

* Add Phase 2 branch coverage tests for http_request and http_endpoint

- Add null value query parameter test covering nullptr branches in
  build_request_args and build_request_querystring (lines 234, 248)
- Add digested user caching tests for cache hit and nullptr branches
  (lines 293-295, 300) in http_request.cpp
- Add caret prefix URL pattern tests covering line 85 in http_endpoint.cpp
- Add consecutive slashes URL test covering empty parts handling (line 83)

Branch coverage improvements:
- http_endpoint.cpp: 66.9% -> 68.7%
- http_request.cpp: 58.5% -> 59.7%

* Add Phase 3 branch coverage tests for render methods and error handling

- Add tests for all HTTP methods falling through to base render()
- Add custom internal error resource handler test
- Add get_arg_flat fallback test
- Add large multipart form field test (100KB)
- Add file upload with explicit content-type header test
- Add http_endpoint tests for regex validation and error paths
- Add tests for invalid URL parameter formats

* Fix cpplint issues in test files

- Replace static global strings with function-static pattern
- Change 'long' to 'int64_t' for http_code variables
- Add missing #include <utility> for std::move

* Added PSK tests

* Fix Windows test failure and add hex utility coverage

- Fix file_upload tests to use subdirectory instead of /tmp for
  cross-platform compatibility
- Extract hex validation functions (is_valid_hex, hex_char_to_val)
  from webserver.cpp to string_utilities for testability
- Add unit tests for hex utility functions to improve coverage

* Fix Windows mkdir compatibility issue

On Windows/MinGW, mkdir() only takes one argument (path), while
POSIX mkdir() takes two (path and mode). Add a MKDIR macro that
uses the appropriate signature for each platform.

Author: etr

.github/workflows/verify-build.yml

@@ -470,7 +470,7 @@ jobs:
 
     - name: Setup gnutls dependency (only on linux)
       run: |
-        sudo apt-get install libgnutls28-dev ;
+        sudo apt-get install libgnutls28-dev gnutls-bin ;
       if: ${{ matrix.os-type == 'ubuntu' }}
 
     - name: Fetch libmicrohttpd from cache
@@ -668,7 +668,7 @@ jobs:
     - name: Generate coverage report
       run: |
         cd build
-        gcovr --root .. --exclude test/ --xml coverage.xml --xml-pretty
+        gcovr --root .. --filter '../src/' --xml coverage.xml --xml-pretty --print-summary
       if: ${{ matrix.os-type == 'ubuntu' && matrix.c-compiler == 'gcc' && matrix.debug == 'debug' && matrix.coverage == 'coverage' && success() }}
 
     - name: Upload coverage to Codecov

src/httpserver/string_utilities.hpp

@@ -42,6 +42,20 @@ const std::string to_upper_copy(const std::string& str);
 const std::string to_lower_copy(const std::string& str);
 const std::vector<std::string> string_split(const std::string& s, char sep = ' ', bool collapse = true);
 
+/**
+ * Validate that a string contains only valid hexadecimal characters (0-9, a-f, A-F)
+ * @param s The string to validate
+ * @return true if string contains only valid hex characters, false otherwise
+ */
+bool is_valid_hex(const std::string& s);
+
+/**
+ * Convert a hex character to its numeric value (0-15)
+ * @param c The hex character to convert
+ * @return numeric value (0-15), or 0 for invalid characters
+ */
+unsigned char hex_char_to_val(char c);
+
 }  // namespace string_utilities
 
 }  // namespace httpserver

src/httpserver/webserver.hpp

@@ -227,9 +227,12 @@ class webserver {
      MHD_Result complete_request(MHD_Connection* connection, struct details::modded_request* mr, const char* version, const char* method);
 
 #ifdef HAVE_GNUTLS
-     static int psk_cred_handler_func(gnutls_session_t session,
+     // MHD_PskServerCredentialsCallback signature
+     static int psk_cred_handler_func(void* cls,
+                                       struct MHD_Connection* connection,
                                        const char* username,
-                                       gnutls_datum_t* key);
+                                       void** psk,
+                                       size_t* psk_size);
 #endif  // HAVE_GNUTLS
 
      friend MHD_Result policy_callback(void *cls, const struct sockaddr* addr, socklen_t addrlen);

src/string_utilities.cpp

@@ -55,5 +55,22 @@ const std::vector<std::string> string_split(const std::string& s, char sep, bool
     return result;
 }
 
+bool is_valid_hex(const std::string& s) {
+    for (char c : s) {
+        if (!((c >= '0' && c <= '9') || (c >= 'a' && c <= 'f') ||
+              (c >= 'A' && c <= 'F'))) {
+            return false;
+        }
+    }
+    return true;
+}
+
+unsigned char hex_char_to_val(char c) {
+    if (c >= '0' && c <= '9') return static_cast<unsigned char>(c - '0');
+    if (c >= 'a' && c <= 'f') return static_cast<unsigned char>(c - 'a' + 10);
+    if (c >= 'A' && c <= 'F') return static_cast<unsigned char>(c - 'A' + 10);
+    return 0;
+}
+
 }  // namespace string_utilities
 }  // namespace httpserver

src/webserver.cpp

@@ -58,12 +58,17 @@
 #include "httpserver/http_resource.hpp"
 #include "httpserver/http_response.hpp"
 #include "httpserver/http_utils.hpp"
+#include "httpserver/string_utilities.hpp"
 #include "httpserver/string_response.hpp"
 
 struct MHD_Connection;
 
 #define _REENTRANT 1
 
+#ifdef HAVE_GNUTLS
+#include <gnutls/gnutls.h>
+#endif  // HAVE_GNUTLS
+
 #ifndef SOCK_CLOEXEC
 #define SOCK_CLOEXEC 02000000
 #endif
@@ -425,11 +430,22 @@ void webserver::disallow_ip(const string& ip) {
 }
 
 #ifdef HAVE_GNUTLS
-int webserver::psk_cred_handler_func(gnutls_session_t session,
+// MHD_PskServerCredentialsCallback signature:
+// The 'cls' parameter is our webserver pointer (passed via MHD_OPTION)
+// Returns 0 on success, -1 on error
+// The psk output should be allocated with malloc() - MHD will free it
+int webserver::psk_cred_handler_func(void* cls,
+                                      struct MHD_Connection* connection,
                                       const char* username,
-                                      gnutls_datum_t* key) {
-    webserver* ws = static_cast<webserver*>(
-        gnutls_session_get_ptr(session));
+                                      void** psk,
+                                      size_t* psk_size) {
+    std::ignore = connection;  // Not needed - we get context from cls
+
+    webserver* ws = static_cast<webserver*>(cls);
+
+    // Initialize output to safe values
+    *psk = nullptr;
+    *psk_size = 0;
 
     if (ws == nullptr || ws->psk_cred_handler == nullptr) {
         return -1;
@@ -440,23 +456,28 @@ int webserver::psk_cred_handler_func(gnutls_session_t session,
         return -1;
     }
 
-    // Convert hex string to binary
+    // Validate hex string before allocating memory
     size_t psk_len = psk_hex.size() / 2;
-    key->data = static_cast<unsigned char*>(gnutls_malloc(psk_len));
-    if (key->data == nullptr) {
+    if (psk_len == 0 || (psk_hex.size() % 2 != 0) ||
+        !string_utilities::is_valid_hex(psk_hex)) {
         return -1;
     }
 
-    size_t output_size = psk_len;
-    int ret = gnutls_hex2bin(psk_hex.c_str(), psk_hex.size(),
-                             key->data, &output_size);
-    if (ret < 0) {
-        gnutls_free(key->data);
-        key->data = nullptr;
+    // Allocate with malloc - MHD will free this
+    unsigned char* psk_data = static_cast<unsigned char*>(malloc(psk_len));
+    if (psk_data == nullptr) {
         return -1;
     }
 
-    key->size = static_cast<unsigned int>(output_size);
+    // Convert hex string to binary
+    for (size_t i = 0; i < psk_len; i++) {
+        psk_data[i] = static_cast<unsigned char>(
+            (string_utilities::hex_char_to_val(psk_hex[i * 2]) << 4) |
+             string_utilities::hex_char_to_val(psk_hex[i * 2 + 1]));
+    }
+
+    *psk = psk_data;
+    *psk_size = psk_len;
     return 0;
 }
 #endif  // HAVE_GNUTLS

test/Makefile.am

@@ -26,7 +26,7 @@ LDADD += -lcurl
 
 AM_CPPFLAGS = -I$(top_srcdir)/src -I$(top_srcdir)/src/httpserver/
 METASOURCES = AUTO
-check_PROGRAMS = basic file_upload http_utils threaded nodelay string_utilities http_endpoint ban_system ws_start_stop authentication deferred http_resource
+check_PROGRAMS = basic file_upload http_utils threaded nodelay string_utilities http_endpoint ban_system ws_start_stop authentication deferred http_resource http_response create_webserver
 
 MOSTLYCLEANFILES = *.gcda *.gcno *.gcov
 
@@ -42,6 +42,8 @@ string_utilities_SOURCES = unit/string_utilities_test.cpp
 http_endpoint_SOURCES = unit/http_endpoint_test.cpp
 nodelay_SOURCES = integ/nodelay.cpp
 http_resource_SOURCES = unit/http_resource_test.cpp
+http_response_SOURCES = unit/http_response_test.cpp
+create_webserver_SOURCES = unit/create_webserver_test.cpp
 
 noinst_HEADERS = littletest.hpp
 AM_CXXFLAGS += -Wall -fPIC -Wno-overloaded-virtual