From 2aa56ad59782a6c68e2d15a3059aa91fde786a84 Mon Sep 17 00:00:00 2001
From: benyuz <305378604@qq.com>
Date: Mon, 4 May 2026 12:39:19 +0800
Subject: [PATCH 1/7] Add bounds check for header substring operation

Added bounds check before substring operation to prevent ArgumentOutOfRangeException.
---
 .../Http/System.Net.WebHeaders.cs                     | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/nanoFramework.System.Net.Http/Http/System.Net.WebHeaders.cs b/nanoFramework.System.Net.Http/Http/System.Net.WebHeaders.cs
index 3aba84d2..da9a2e8a 100644
--- a/nanoFramework.System.Net.Http/Http/System.Net.WebHeaders.cs
+++ b/nanoFramework.System.Net.Http/Http/System.Net.WebHeaders.cs
@@ -427,7 +427,16 @@ public void Add(string header)
             }
 
             string name = header.Substring(0, colpos);
-            string value = header.Substring(colpos + 1);
+            // Fix: Check bounds before Substring to prevent ArgumentOutOfRangeException
+            string value;
+            if (colpos + 1 >= header.Length)
+            {
+                value = string.Empty;
+            }
+            else
+            {
+                value = header.Substring(colpos + 1);
+            }
 
             name = CheckBadChars(name, false);
             ThrowOnRestrictedHeader(name);

From 85ec85e4c33dd656923d99d422f78bb0ad8a542c Mon Sep 17 00:00:00 2001
From: benyuz <305378604@qq.com>
Date: Mon, 4 May 2026 19:52:36 +0800
Subject: [PATCH 2/7] Potential fix for pull request finding

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
---
 nanoFramework.System.Net.Http/Http/System.Net.WebHeaders.cs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nanoFramework.System.Net.Http/Http/System.Net.WebHeaders.cs b/nanoFramework.System.Net.Http/Http/System.Net.WebHeaders.cs
index da9a2e8a..95871865 100644
--- a/nanoFramework.System.Net.Http/Http/System.Net.WebHeaders.cs
+++ b/nanoFramework.System.Net.Http/Http/System.Net.WebHeaders.cs
@@ -427,7 +427,7 @@ public void Add(string header)
             }
 
             string name = header.Substring(0, colpos);
-            // Fix: Check bounds before Substring to prevent ArgumentOutOfRangeException
+            // Handle empty header value
             string value;
             if (colpos + 1 >= header.Length)
             {

From f6dcce0b078895af2698c80a61b105ab8529e44c Mon Sep 17 00:00:00 2001
From: benyuz <305378604@qq.com>
Date: Mon, 4 May 2026 21:34:15 +0800
Subject: [PATCH 3/7] Add unit tests for WebHeaderCollection Authorization
 headers

This test class verifies the behavior of adding various Authorization headers to a WebHeaderCollection, ensuring that no exceptions are thrown for valid inputs and that the values are stored correctly.
---
 .../HttpUnitTests/WebHeaderCollectionTests.cs | 55 +++++++++++++++++++
 1 file changed, 55 insertions(+)
 create mode 100644 Tests/HttpUnitTests/WebHeaderCollectionTests.cs

diff --git a/Tests/HttpUnitTests/WebHeaderCollectionTests.cs b/Tests/HttpUnitTests/WebHeaderCollectionTests.cs
new file mode 100644
index 00000000..b8cec5ee
--- /dev/null
+++ b/Tests/HttpUnitTests/WebHeaderCollectionTests.cs
@@ -0,0 +1,55 @@
+//
+// Copyright (c) .NET Foundation and Contributors
+// See LICENSE file in the project root for full license information.
+//
+
+using nanoFramework.TestFramework;
+using System.Net;
+
+namespace HttpUnitTests
+{
+    [TestClass]
+    public class WebHeaderCollectionTests
+    {
+        [TestMethod]
+        public void Add_Authorization_BearerWithSpaceAndNoValue_ShouldNotThrow()
+        {
+            var headers = new WebHeaderCollection();
+            headers.Add("Authorization: Bearer ");
+        }
+
+        [TestMethod]
+        public void Add_Authorization_NoSpaceSingleChar_ShouldNotThrow()
+        {
+            var headers = new WebHeaderCollection();
+            headers.Add("Authorization: 1");
+        }
+
+        [TestMethod]
+        public void Add_Authorization_ValidBearer_ShouldSucceed()
+        {
+            var headers = new WebHeaderCollection();
+            headers.Add("Authorization: Bearer a11111");
+            string value = headers["Authorization"];
+            Assert.AreEqual("Bearer a11111", value);
+        }
+
+        [TestMethod]
+        public void Add_Authorization_ValidTestValue_ShouldSucceed()
+        {
+            var headers = new WebHeaderCollection();
+            headers.Add("Authorization: test 1");
+            string value = headers["Authorization"];
+            Assert.AreEqual("test 1", value);
+        }
+
+        [TestMethod]
+        public void Add_Authorization_ValidSingleLetterPair_ShouldSucceed()
+        {
+            var headers = new WebHeaderCollection();
+            headers.Add("Authorization: a b");
+            string value = headers["Authorization"];
+            Assert.AreEqual("a b", value);
+        }
+    }
+}

From 9c2263f0b26c4824ac5ff8292cb6cc7740a0a587 Mon Sep 17 00:00:00 2001
From: benyuz <305378604@qq.com>
Date: Mon, 4 May 2026 21:42:37 +0800
Subject: [PATCH 4/7] Add tests for Authorization header handling

---
 Tests/HttpUnitTests/WebHeaderCollectionTests.cs | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/Tests/HttpUnitTests/WebHeaderCollectionTests.cs b/Tests/HttpUnitTests/WebHeaderCollectionTests.cs
index b8cec5ee..52f7ffc0 100644
--- a/Tests/HttpUnitTests/WebHeaderCollectionTests.cs
+++ b/Tests/HttpUnitTests/WebHeaderCollectionTests.cs
@@ -51,5 +51,22 @@ public void Add_Authorization_ValidSingleLetterPair_ShouldSucceed()
             string value = headers["Authorization"];
             Assert.AreEqual("a b", value);
         }
+        [TestMethod]
+        public void Add_Authorization_EmptyValue_ShouldNotThrow()
+        {
+            var headers = new WebHeaderCollection();
+            headers.Add("Authorization:");
+            string value = headers["Authorization"];
+            Assert.AreEqual(string.Empty, value);
+        }
+
+        [TestMethod]
+        public void Add_Authorization_ColonWithSpaceOnly_ShouldNotThrow()
+        {
+            var headers = new WebHeaderCollection();
+            headers.Add("Authorization: ");
+            string value = headers["Authorization"];
+            Assert.AreEqual(string.Empty, value);
+        }
     }
 }

From fdc2c67c42e9f318893db1f3af9ea1af542fa96d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jos=C3=A9=20Sim=C3=B5es?= <jose.simoes@eclo.solutions>
Date: Mon, 4 May 2026 15:55:12 +0100
Subject: [PATCH 5/7] Remove obvious suffix from names

---
 Tests/HttpUnitTests/WebHeaderCollectionTests.cs | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/Tests/HttpUnitTests/WebHeaderCollectionTests.cs b/Tests/HttpUnitTests/WebHeaderCollectionTests.cs
index 52f7ffc0..6c45903f 100644
--- a/Tests/HttpUnitTests/WebHeaderCollectionTests.cs
+++ b/Tests/HttpUnitTests/WebHeaderCollectionTests.cs
@@ -12,21 +12,21 @@ namespace HttpUnitTests
     public class WebHeaderCollectionTests
     {
         [TestMethod]
-        public void Add_Authorization_BearerWithSpaceAndNoValue_ShouldNotThrow()
+        public void Add_Authorization_BearerWithSpaceAndNoValue()
         {
             var headers = new WebHeaderCollection();
             headers.Add("Authorization: Bearer ");
         }
 
         [TestMethod]
-        public void Add_Authorization_NoSpaceSingleChar_ShouldNotThrow()
+        public void Add_Authorization_NoSpaceSingleChar()
         {
             var headers = new WebHeaderCollection();
             headers.Add("Authorization: 1");
         }
 
         [TestMethod]
-        public void Add_Authorization_ValidBearer_ShouldSucceed()
+        public void Add_Authorization_ValidBearer()
         {
             var headers = new WebHeaderCollection();
             headers.Add("Authorization: Bearer a11111");
@@ -35,7 +35,7 @@ public void Add_Authorization_ValidBearer_ShouldSucceed()
         }
 
         [TestMethod]
-        public void Add_Authorization_ValidTestValue_ShouldSucceed()
+        public void Add_Authorization_ValidTestValue()
         {
             var headers = new WebHeaderCollection();
             headers.Add("Authorization: test 1");
@@ -44,7 +44,7 @@ public void Add_Authorization_ValidTestValue_ShouldSucceed()
         }
 
         [TestMethod]
-        public void Add_Authorization_ValidSingleLetterPair_ShouldSucceed()
+        public void Add_Authorization_ValidSingleLetterPair()
         {
             var headers = new WebHeaderCollection();
             headers.Add("Authorization: a b");
@@ -52,7 +52,7 @@ public void Add_Authorization_ValidSingleLetterPair_ShouldSucceed()
             Assert.AreEqual("a b", value);
         }
         [TestMethod]
-        public void Add_Authorization_EmptyValue_ShouldNotThrow()
+        public void Add_Authorization_EmptyValue()
         {
             var headers = new WebHeaderCollection();
             headers.Add("Authorization:");
@@ -61,7 +61,7 @@ public void Add_Authorization_EmptyValue_ShouldNotThrow()
         }
 
         [TestMethod]
-        public void Add_Authorization_ColonWithSpaceOnly_ShouldNotThrow()
+        public void Add_Authorization_ColonWithSpaceOnly()
         {
             var headers = new WebHeaderCollection();
             headers.Add("Authorization: ");

From c8ca5b7ee7117debdbadec6a25f51376205655aa Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jos=C3=A9=20Sim=C3=B5es?= <jose.simoes@eclo.solutions>
Date: Mon, 4 May 2026 15:55:32 +0100
Subject: [PATCH 6/7] Add new unit tests that are meant to throw

---
 .../HttpUnitTests/WebHeaderCollectionTests.cs | 29 +++++++++++++++++++
 1 file changed, 29 insertions(+)

diff --git a/Tests/HttpUnitTests/WebHeaderCollectionTests.cs b/Tests/HttpUnitTests/WebHeaderCollectionTests.cs
index 6c45903f..d5d6d914 100644
--- a/Tests/HttpUnitTests/WebHeaderCollectionTests.cs
+++ b/Tests/HttpUnitTests/WebHeaderCollectionTests.cs
@@ -4,6 +4,7 @@
 //
 
 using nanoFramework.TestFramework;
+using System;
 using System.Net;
 
 namespace HttpUnitTests
@@ -68,5 +69,33 @@ public void Add_Authorization_ColonWithSpaceOnly()
             string value = headers["Authorization"];
             Assert.AreEqual(string.Empty, value);
         }
+
+        [TestMethod]
+        public void Add_NullHeader_ThrowsArgumentNullException()
+        {
+            var headers = new WebHeaderCollection();
+            Assert.ThrowsException(typeof(ArgumentNullException), () => headers.Add(null));
+        }
+
+        [TestMethod]
+        public void Add_EmptyHeader_ThrowsArgumentNullException()
+        {
+            var headers = new WebHeaderCollection();
+            Assert.ThrowsException(typeof(ArgumentNullException), () => headers.Add(string.Empty));
+        }
+
+        [TestMethod]
+        public void Add_HeaderWithNoColon_ThrowsArgumentException()
+        {
+            var headers = new WebHeaderCollection();
+            Assert.ThrowsException(typeof(ArgumentException), () => headers.Add("Authorization"));
+        }
+
+        [TestMethod]
+        public void Add_HeaderNameWithSpace_ThrowsArgumentException()
+        {
+            var headers = new WebHeaderCollection();
+            Assert.ThrowsException(typeof(ArgumentException), () => headers.Add("My Header: value"));
+        }
     }
 }

From f584fd9b7848daaef4f29288a195bcef0881fd64 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jos=C3=A9=20Sim=C3=B5es?= <jose.simoes@eclo.solutions>
Date: Mon, 4 May 2026 15:55:52 +0100
Subject: [PATCH 7/7] WebHeaderCollectionTests are now in unit test project

---
 Tests/HttpUnitTests/HttpUnitTests.nfproj | 1 +
 1 file changed, 1 insertion(+)

diff --git a/Tests/HttpUnitTests/HttpUnitTests.nfproj b/Tests/HttpUnitTests/HttpUnitTests.nfproj
index 1ac9eaeb..efba09ed 100644
--- a/Tests/HttpUnitTests/HttpUnitTests.nfproj
+++ b/Tests/HttpUnitTests/HttpUnitTests.nfproj
@@ -35,6 +35,7 @@
     <Compile Include="MockContent.cs" />
     <Compile Include="Properties\AssemblyInfo.cs" />
     <Compile Include="UriUnitTests.cs" />
+    <Compile Include="WebHeaderCollectionTests.cs" />
   </ItemGroup>
   <ItemGroup>
     <Content Include="packages.lock.json" />