Align test validation with docs and probe STRICT expectations

MDA2AV · claude · MDA2AV · commit 28aea9bb83e1 · 2026-02-08T10:41:05.000Z
- All status checks use Exact(400) instead of Range4xx to match probe
- MUST-400 tests (SP-BEFORE-COLON, MISSING-HOST, DUPLICATE-HOST, OBS-FOLD,
  CR-ONLY) no longer allow connection close as a passing outcome
- INVALID-VERSION accepts only 400/505 (not full 4xx/5xx range)
- Scored smuggling tests (TE-XCHUNKED, TE-TRAILING-SPACE, CLTE/TECL-PIPELINE)
  now return Fail for 2xx instead of Warn
- Malformed input CustomValidators accept only documented status codes
- MAL-BINARY-GARBAGE now handles timeout (was a bug)
- MAL-EMPTY-REQUEST sends zero bytes (was sending CRLF)
- MAL-INCOMPLETE-REQUEST sends partial request with headers (was just "GET ")
- Added missing RfcReferences to all smuggling tests
- Fixed RfcReferences for SP-BEFORE-COLON, MISSING-HOST, DUPLICATE-HOST
- Fixed duplicate Glossary breadcrumb in docs

Co-Authored-By: Claude Opus 4.6 &lt;noreply@anthropic.com&gt;
diff --git a/docs/content/docs/_index.md b/docs/content/docs/_index.md
@@ -1,6 +1,7 @@
 ---
 title: Glossary
 description: "Glossary — Http11Probe documentation"
+breadcrumbs: false
 sidebar:
   open: false
 ---
diff --git a/src/Http11Probe/TestCases/Suites/ComplianceSuite.cs b/src/Http11Probe/TestCases/Suites/ComplianceSuite.cs
@@ -28,7 +28,7 @@ public static IEnumerable<TestCase> GetTestCases()
             PayloadFactory = ctx => MakeRequest($"GET / HTTP/1.1\nHost: {ctx.HostHeader}\r\n\r\n"),
             Expected = new ExpectedBehavior
             {
-                ExpectedStatus = StatusCodeRange.Range4xx,
+                ExpectedStatus = StatusCodeRange.Exact(400),
                 AllowConnectionClose = true
             }
         };
@@ -42,7 +42,7 @@ public static IEnumerable<TestCase> GetTestCases()
             PayloadFactory = ctx => MakeRequest($"GET / HTTP/1.1\r\nHost: {ctx.HostHeader}\nX-Test: value\r\n\r\n"),
             Expected = new ExpectedBehavior
             {
-                ExpectedStatus = StatusCodeRange.Range4xx,
+                ExpectedStatus = StatusCodeRange.Exact(400),
                 AllowConnectionClose = true
             }
         };
@@ -56,8 +56,7 @@ public static IEnumerable<TestCase> GetTestCases()
             PayloadFactory = ctx => MakeRequest($"GET / HTTP/1.1\r\nHost: {ctx.HostHeader}\r\nX-Test: value\r\n continued\r\n\r\n"),
             Expected = new ExpectedBehavior
             {
-                ExpectedStatus = StatusCodeRange.Range4xx,
-                AllowConnectionClose = true
+                ExpectedStatus = StatusCodeRange.Exact(400)
             }
         };
 
@@ -66,12 +65,11 @@ public static IEnumerable<TestCase> GetTestCases()
             Id = "RFC9110-5.6.2-SP-BEFORE-COLON",
             Description = "Whitespace between header name and colon must be rejected",
             Category = TestCategory.Compliance,
-            RfcReference = "RFC 9110 §5.6.2",
+            RfcReference = "RFC 9112 §5",
             PayloadFactory = ctx => MakeRequest($"GET / HTTP/1.1\r\nHost: {ctx.HostHeader}\r\nX-Test : value\r\n\r\n"),
             Expected = new ExpectedBehavior
             {
-                ExpectedStatus = StatusCodeRange.Range4xx,
-                AllowConnectionClose = true
+                ExpectedStatus = StatusCodeRange.Exact(400)
             }
         };
 
@@ -84,7 +82,7 @@ public static IEnumerable<TestCase> GetTestCases()
             PayloadFactory = ctx => MakeRequest($"GET  / HTTP/1.1\r\nHost: {ctx.HostHeader}\r\n\r\n"),
             Expected = new ExpectedBehavior
             {
-                ExpectedStatus = StatusCodeRange.Range4xx,
+                ExpectedStatus = StatusCodeRange.Exact(400),
                 AllowConnectionClose = true
             }
         };
@@ -94,12 +92,11 @@ public static IEnumerable<TestCase> GetTestCases()
             Id = "RFC9112-7.1-MISSING-HOST",
             Description = "Request without Host header must be rejected with 400",
             Category = TestCategory.Compliance,
-            RfcReference = "RFC 9112 §7.1",
+            RfcReference = "RFC 9112 §3.2",
             PayloadFactory = _ => MakeRequest("GET / HTTP/1.1\r\n\r\n"),
             Expected = new ExpectedBehavior
             {
-                ExpectedStatus = StatusCodeRange.Range4xx,
-                AllowConnectionClose = true
+                ExpectedStatus = StatusCodeRange.Exact(400)
             }
         };
 
@@ -112,8 +109,14 @@ public static IEnumerable<TestCase> GetTestCases()
             PayloadFactory = ctx => MakeRequest($"GET / HTTP/9.9\r\nHost: {ctx.HostHeader}\r\n\r\n"),
             Expected = new ExpectedBehavior
             {
-                ExpectedStatus = StatusCodeRange.Range4xxOr5xx,
-                AllowConnectionClose = true
+                CustomValidator = (response, state) =>
+                {
+                    if (response is null)
+                        return state == ConnectionState.ClosedByServer ? TestVerdict.Pass : TestVerdict.Fail;
+                    if (response.StatusCode is 400 or 505)
+                        return TestVerdict.Pass;
+                    return TestVerdict.Fail;
+                }
             }
         };
 
@@ -126,7 +129,7 @@ public static IEnumerable<TestCase> GetTestCases()
             PayloadFactory = ctx => MakeRequest($"GET / HTTP/1.1\r\nHost: {ctx.HostHeader}\r\n: empty-name\r\n\r\n"),
             Expected = new ExpectedBehavior
             {
-                ExpectedStatus = StatusCodeRange.Range4xx,
+                ExpectedStatus = StatusCodeRange.Exact(400),
                 AllowConnectionClose = true
             }
         };
@@ -140,8 +143,7 @@ public static IEnumerable<TestCase> GetTestCases()
             PayloadFactory = ctx => MakeRequest($"GET / HTTP/1.1\rHost: {ctx.HostHeader}\r\n\r\n"),
             Expected = new ExpectedBehavior
             {
-                ExpectedStatus = StatusCodeRange.Range4xx,
-                AllowConnectionClose = true
+                ExpectedStatus = StatusCodeRange.Exact(400)
             }
         };
 
@@ -154,7 +156,7 @@ public static IEnumerable<TestCase> GetTestCases()
             PayloadFactory = ctx => MakeRequest($"GET HTTP/1.1\r\nHost: {ctx.HostHeader}\r\n\r\n"),
             Expected = new ExpectedBehavior
             {
-                ExpectedStatus = StatusCodeRange.Range4xx,
+                ExpectedStatus = StatusCodeRange.Exact(400),
                 AllowConnectionClose = true
             }
         };
@@ -168,7 +170,7 @@ public static IEnumerable<TestCase> GetTestCases()
             PayloadFactory = ctx => MakeRequest($"GET /path#frag HTTP/1.1\r\nHost: {ctx.HostHeader}\r\n\r\n"),
             Expected = new ExpectedBehavior
             {
-                ExpectedStatus = StatusCodeRange.Range4xx,
+                ExpectedStatus = StatusCodeRange.Exact(400),
                 AllowConnectionClose = true
             }
         };
@@ -186,7 +188,7 @@ public static IEnumerable<TestCase> GetTestCases()
                 {
                     if (state is ConnectionState.TimedOut or ConnectionState.ClosedByServer)
                         return TestVerdict.Pass;
-                    if (response is not null && response.StatusCode >= 400)
+                    if (response is not null && response.StatusCode == 400)
                         return TestVerdict.Pass;
                     return TestVerdict.Fail;
                 }
@@ -202,7 +204,7 @@ public static IEnumerable<TestCase> GetTestCases()
             PayloadFactory = ctx => MakeRequest($"GET / HTTP/1.1\r\nHost: {ctx.HostHeader}\r\nBad[Name: value\r\n\r\n"),
             Expected = new ExpectedBehavior
             {
-                ExpectedStatus = StatusCodeRange.Range4xx,
+                ExpectedStatus = StatusCodeRange.Exact(400),
                 AllowConnectionClose = true
             }
         };
@@ -216,7 +218,7 @@ public static IEnumerable<TestCase> GetTestCases()
             PayloadFactory = ctx => MakeRequest($"GET / HTTP/1.1\r\nHost: {ctx.HostHeader}\r\nNoColonHere\r\n\r\n"),
             Expected = new ExpectedBehavior
             {
-                ExpectedStatus = StatusCodeRange.Range4xx,
+                ExpectedStatus = StatusCodeRange.Exact(400),
                 AllowConnectionClose = true
             }
         };
@@ -226,12 +228,11 @@ public static IEnumerable<TestCase> GetTestCases()
             Id = "RFC9110-5.4-DUPLICATE-HOST",
             Description = "Duplicate Host headers with different values must be rejected",
             Category = TestCategory.Compliance,
-            RfcReference = "RFC 9110 §5.4",
+            RfcReference = "RFC 9112 §3.2",
             PayloadFactory = ctx => MakeRequest($"GET / HTTP/1.1\r\nHost: {ctx.HostHeader}\r\nHost: other.example.com\r\n\r\n"),
             Expected = new ExpectedBehavior
             {
-                ExpectedStatus = StatusCodeRange.Range4xx,
-                AllowConnectionClose = true
+                ExpectedStatus = StatusCodeRange.Exact(400)
             }
         };
 
@@ -244,7 +245,7 @@ public static IEnumerable<TestCase> GetTestCases()
             PayloadFactory = ctx => MakeRequest($"POST / HTTP/1.1\r\nHost: {ctx.HostHeader}\r\nContent-Length: abc\r\n\r\n"),
             Expected = new ExpectedBehavior
             {
-                ExpectedStatus = StatusCodeRange.Range4xx,
+                ExpectedStatus = StatusCodeRange.Exact(400),
                 AllowConnectionClose = true
             }
         };
@@ -258,7 +259,7 @@ public static IEnumerable<TestCase> GetTestCases()
             PayloadFactory = ctx => MakeRequest($"POST / HTTP/1.1\r\nHost: {ctx.HostHeader}\r\nContent-Length: +5\r\n\r\nhello"),
             Expected = new ExpectedBehavior
             {
-                ExpectedStatus = StatusCodeRange.Range4xx,
+                ExpectedStatus = StatusCodeRange.Exact(400),
                 AllowConnectionClose = true
             }
         };
diff --git a/src/Http11Probe/TestCases/Suites/MalformedInputSuite.cs b/src/Http11Probe/TestCases/Suites/MalformedInputSuite.cs
@@ -21,8 +21,15 @@ public static IEnumerable<TestCase> GetTestCases()
             },
             Expected = new ExpectedBehavior
             {
-                ExpectedStatus = StatusCodeRange.Range4xx,
-                AllowConnectionClose = true
+                CustomValidator = (response, state) =>
+                {
+                    // Any of these is acceptable: 400, close, or timeout
+                    if (state is ConnectionState.TimedOut or ConnectionState.ClosedByServer)
+                        return TestVerdict.Pass;
+                    if (response is not null && response.StatusCode == 400)
+                        return TestVerdict.Pass;
+                    return TestVerdict.Fail;
+                }
             }
         };
 
@@ -42,8 +49,8 @@ public static IEnumerable<TestCase> GetTestCases()
                 {
                     if (response is null)
                         return state == ConnectionState.ClosedByServer ? TestVerdict.Pass : TestVerdict.Fail;
-                    // 414 is ideal, but any 4xx is acceptable
-                    return response.StatusCode >= 400 && response.StatusCode < 600
+                    // 414 is ideal, 400 and 431 are also acceptable
+                    return response.StatusCode is 400 or 414 or 431
                         ? TestVerdict.Pass
                         : TestVerdict.Fail;
                 }
@@ -66,7 +73,7 @@ public static IEnumerable<TestCase> GetTestCases()
                 {
                     if (response is null)
                         return state == ConnectionState.ClosedByServer ? TestVerdict.Pass : TestVerdict.Fail;
-                    return response.StatusCode >= 400 && response.StatusCode < 600
+                    return response.StatusCode is 400 or 431
                         ? TestVerdict.Pass
                         : TestVerdict.Fail;
                 }
@@ -93,7 +100,7 @@ public static IEnumerable<TestCase> GetTestCases()
                 {
                     if (response is null)
                         return state == ConnectionState.ClosedByServer ? TestVerdict.Pass : TestVerdict.Fail;
-                    return response.StatusCode >= 400 && response.StatusCode < 600
+                    return response.StatusCode is 400 or 431
                         ? TestVerdict.Pass
                         : TestVerdict.Fail;
                 }
@@ -108,7 +115,7 @@ public static IEnumerable<TestCase> GetTestCases()
             PayloadFactory = ctx => MakeRequest($"GET /\0test HTTP/1.1\r\nHost: {ctx.HostHeader}\r\n\r\n"),
             Expected = new ExpectedBehavior
             {
-                ExpectedStatus = StatusCodeRange.Range4xx,
+                ExpectedStatus = StatusCodeRange.Exact(400),
                 AllowConnectionClose = true
             }
         };
@@ -126,25 +133,25 @@ public static IEnumerable<TestCase> GetTestCases()
             },
             Expected = new ExpectedBehavior
             {
-                ExpectedStatus = StatusCodeRange.Range4xx,
+                ExpectedStatus = StatusCodeRange.Exact(400),
                 AllowConnectionClose = true
             }
         };
 
         yield return new TestCase
         {
             Id = "MAL-INCOMPLETE-REQUEST",
-            Description = "Incomplete request line (just 'GET ') should timeout or close, not crash",
+            Description = "Partial HTTP request — request-line and headers but no final CRLF",
             Category = TestCategory.MalformedInput,
-            PayloadFactory = _ => MakeRequest("GET "),
+            PayloadFactory = ctx => MakeRequest($"GET / HTTP/1.1\r\nHost: {ctx.HostHeader}\r\nX-Test: value"),
             Expected = new ExpectedBehavior
             {
                 CustomValidator = (response, state) =>
                 {
                     // Any of these is acceptable: timeout, close, or 400
                     if (state is ConnectionState.TimedOut or ConnectionState.ClosedByServer)
                         return TestVerdict.Pass;
-                    if (response is not null && response.StatusCode >= 400)
+                    if (response is not null && response.StatusCode == 400)
                         return TestVerdict.Pass;
                     return TestVerdict.Fail;
                 }
@@ -154,16 +161,16 @@ public static IEnumerable<TestCase> GetTestCases()
         yield return new TestCase
         {
             Id = "MAL-EMPTY-REQUEST",
-            Description = "Empty request (just CRLF) should be handled gracefully",
+            Description = "Zero bytes — TCP connection established without sending any data",
             Category = TestCategory.MalformedInput,
-            PayloadFactory = _ => MakeRequest("\r\n"),
+            PayloadFactory = _ => [],
             Expected = new ExpectedBehavior
             {
                 CustomValidator = (response, state) =>
                 {
                     if (state is ConnectionState.TimedOut or ConnectionState.ClosedByServer)
                         return TestVerdict.Pass;
-                    if (response is not null && response.StatusCode >= 400)
+                    if (response is not null && response.StatusCode == 400)
                         return TestVerdict.Pass;
                     return TestVerdict.Fail;
                 }
@@ -186,7 +193,7 @@ public static IEnumerable<TestCase> GetTestCases()
                 {
                     if (response is null)
                         return state == ConnectionState.ClosedByServer ? TestVerdict.Pass : TestVerdict.Fail;
-                    return response.StatusCode >= 400 && response.StatusCode < 600
+                    return response.StatusCode is 400 or 431
                         ? TestVerdict.Pass
                         : TestVerdict.Fail;
                 }
@@ -209,7 +216,7 @@ public static IEnumerable<TestCase> GetTestCases()
                 {
                     if (response is null)
                         return state == ConnectionState.ClosedByServer ? TestVerdict.Pass : TestVerdict.Fail;
-                    return response.StatusCode >= 400 && response.StatusCode < 600
+                    return response.StatusCode == 400
                         ? TestVerdict.Pass
                         : TestVerdict.Fail;
                 }
@@ -235,7 +242,7 @@ public static IEnumerable<TestCase> GetTestCases()
             },
             Expected = new ExpectedBehavior
             {
-                ExpectedStatus = StatusCodeRange.Range4xx,
+                ExpectedStatus = StatusCodeRange.Exact(400),
                 AllowConnectionClose = true
             }
         };
@@ -259,7 +266,7 @@ public static IEnumerable<TestCase> GetTestCases()
             },
             Expected = new ExpectedBehavior
             {
-                ExpectedStatus = StatusCodeRange.Range4xx,
+                ExpectedStatus = StatusCodeRange.Exact(400),
                 AllowConnectionClose = true
             }
         };
@@ -273,7 +280,7 @@ public static IEnumerable<TestCase> GetTestCases()
                 $"POST / HTTP/1.1\r\nHost: {ctx.HostHeader}\r\nContent-Length: 99999999999999999999\r\n\r\n"),
             Expected = new ExpectedBehavior
             {
-                ExpectedStatus = StatusCodeRange.Range4xx,
+                ExpectedStatus = StatusCodeRange.Exact(400),
                 AllowConnectionClose = true
             }
         };
@@ -290,7 +297,7 @@ public static IEnumerable<TestCase> GetTestCases()
                 {
                     if (state is ConnectionState.TimedOut or ConnectionState.ClosedByServer)
                         return TestVerdict.Pass;
-                    if (response is not null && response.StatusCode >= 400)
+                    if (response is not null && response.StatusCode == 400)
                         return TestVerdict.Pass;
                     return TestVerdict.Fail;
                 }
diff --git a/src/Http11Probe/TestCases/Suites/SmugglingSuite.cs b/src/Http11Probe/TestCases/Suites/SmugglingSuite.cs

Original file line number	Diff line number	Diff line change
`@@ -28,7 +28,7 @@ public static IEnumerable<TestCase> GetTestCases()`
`28`	`28`	`PayloadFactory = ctx => MakeRequest($"GET / HTTP/1.1\nHost: {ctx.HostHeader}\r\n\r\n"),`
`29`	`29`	`Expected = new ExpectedBehavior`
`30`	`30`	`{`
`31`		`- ExpectedStatus = StatusCodeRange.Range4xx,`
	`31`	`+ ExpectedStatus = StatusCodeRange.Exact(400),`
`32`	`32`	`AllowConnectionClose = true`
`33`	`33`	`}`
`34`	`34`	`};`
`@@ -42,7 +42,7 @@ public static IEnumerable<TestCase> GetTestCases()`
`42`	`42`	`PayloadFactory = ctx => MakeRequest($"GET / HTTP/1.1\r\nHost: {ctx.HostHeader}\nX-Test: value\r\n\r\n"),`
`43`	`43`	`Expected = new ExpectedBehavior`
`44`	`44`	`{`
`45`		`- ExpectedStatus = StatusCodeRange.Range4xx,`
	`45`	`+ ExpectedStatus = StatusCodeRange.Exact(400),`
`46`	`46`	`AllowConnectionClose = true`
`47`	`47`	`}`
`48`	`48`	`};`
`@@ -56,8 +56,7 @@ public static IEnumerable<TestCase> GetTestCases()`
`56`	`56`	`PayloadFactory = ctx => MakeRequest($"GET / HTTP/1.1\r\nHost: {ctx.HostHeader}\r\nX-Test: value\r\n continued\r\n\r\n"),`
`57`	`57`	`Expected = new ExpectedBehavior`
`58`	`58`	`{`
`59`		`- ExpectedStatus = StatusCodeRange.Range4xx,`
`60`		`- AllowConnectionClose = true`
	`59`	`+ ExpectedStatus = StatusCodeRange.Exact(400)`
`61`	`60`	`}`
`62`	`61`	`};`
`63`	`62`
`@@ -66,12 +65,11 @@ public static IEnumerable<TestCase> GetTestCases()`
`66`	`65`	`Id = "RFC9110-5.6.2-SP-BEFORE-COLON",`
`67`	`66`	`Description = "Whitespace between header name and colon must be rejected",`
`68`	`67`	`Category = TestCategory.Compliance,`
`69`		`- RfcReference = "RFC 9110 §5.6.2",`
	`68`	`+ RfcReference = "RFC 9112 §5",`
`70`	`69`	`PayloadFactory = ctx => MakeRequest($"GET / HTTP/1.1\r\nHost: {ctx.HostHeader}\r\nX-Test : value\r\n\r\n"),`
`71`	`70`	`Expected = new ExpectedBehavior`
`72`	`71`	`{`
`73`		`- ExpectedStatus = StatusCodeRange.Range4xx,`
`74`		`- AllowConnectionClose = true`
	`72`	`+ ExpectedStatus = StatusCodeRange.Exact(400)`
`75`	`73`	`}`
`76`	`74`	`};`
`77`	`75`
`@@ -84,7 +82,7 @@ public static IEnumerable<TestCase> GetTestCases()`
`84`	`82`	`PayloadFactory = ctx => MakeRequest($"GET / HTTP/1.1\r\nHost: {ctx.HostHeader}\r\n\r\n"),`
`85`	`83`	`Expected = new ExpectedBehavior`
`86`	`84`	`{`
`87`		`- ExpectedStatus = StatusCodeRange.Range4xx,`
	`85`	`+ ExpectedStatus = StatusCodeRange.Exact(400),`
`88`	`86`	`AllowConnectionClose = true`
`89`	`87`	`}`
`90`	`88`	`};`
`@@ -94,12 +92,11 @@ public static IEnumerable<TestCase> GetTestCases()`
`94`	`92`	`Id = "RFC9112-7.1-MISSING-HOST",`
`95`	`93`	`Description = "Request without Host header must be rejected with 400",`
`96`	`94`	`Category = TestCategory.Compliance,`
`97`		`- RfcReference = "RFC 9112 §7.1",`
	`95`	`+ RfcReference = "RFC 9112 §3.2",`
`98`	`96`	`PayloadFactory = _ => MakeRequest("GET / HTTP/1.1\r\n\r\n"),`
`99`	`97`	`Expected = new ExpectedBehavior`
`100`	`98`	`{`
`101`		`- ExpectedStatus = StatusCodeRange.Range4xx,`
`102`		`- AllowConnectionClose = true`
	`99`	`+ ExpectedStatus = StatusCodeRange.Exact(400)`
`103`	`100`	`}`
`104`	`101`	`};`
`105`	`102`
`@@ -112,8 +109,14 @@ public static IEnumerable<TestCase> GetTestCases()`
`112`	`109`	`PayloadFactory = ctx => MakeRequest($"GET / HTTP/9.9\r\nHost: {ctx.HostHeader}\r\n\r\n"),`
`113`	`110`	`Expected = new ExpectedBehavior`
`114`	`111`	`{`
`115`		`- ExpectedStatus = StatusCodeRange.Range4xxOr5xx,`
`116`		`- AllowConnectionClose = true`
	`112`	`+ CustomValidator = (response, state) =>`
	`113`	`+ {`
	`114`	`+ if (response is null)`
	`115`	`+ return state == ConnectionState.ClosedByServer ? TestVerdict.Pass : TestVerdict.Fail;`
	`116`	`+ if (response.StatusCode is 400 or 505)`
	`117`	`+ return TestVerdict.Pass;`
	`118`	`+ return TestVerdict.Fail;`
	`119`	`+ }`
`117`	`120`	`}`
`118`	`121`	`};`
`119`	`122`
`@@ -126,7 +129,7 @@ public static IEnumerable<TestCase> GetTestCases()`
`126`	`129`	`PayloadFactory = ctx => MakeRequest($"GET / HTTP/1.1\r\nHost: {ctx.HostHeader}\r\n: empty-name\r\n\r\n"),`
`127`	`130`	`Expected = new ExpectedBehavior`
`128`	`131`	`{`
`129`		`- ExpectedStatus = StatusCodeRange.Range4xx,`
	`132`	`+ ExpectedStatus = StatusCodeRange.Exact(400),`
`130`	`133`	`AllowConnectionClose = true`
`131`	`134`	`}`
`132`	`135`	`};`
`@@ -140,8 +143,7 @@ public static IEnumerable<TestCase> GetTestCases()`
`140`	`143`	`PayloadFactory = ctx => MakeRequest($"GET / HTTP/1.1\rHost: {ctx.HostHeader}\r\n\r\n"),`
`141`	`144`	`Expected = new ExpectedBehavior`
`142`	`145`	`{`
`143`		`- ExpectedStatus = StatusCodeRange.Range4xx,`
`144`		`- AllowConnectionClose = true`
	`146`	`+ ExpectedStatus = StatusCodeRange.Exact(400)`
`145`	`147`	`}`
`146`	`148`	`};`
`147`	`149`
`@@ -154,7 +156,7 @@ public static IEnumerable<TestCase> GetTestCases()`
`154`	`156`	`PayloadFactory = ctx => MakeRequest($"GET HTTP/1.1\r\nHost: {ctx.HostHeader}\r\n\r\n"),`
`155`	`157`	`Expected = new ExpectedBehavior`
`156`	`158`	`{`
`157`		`- ExpectedStatus = StatusCodeRange.Range4xx,`
	`159`	`+ ExpectedStatus = StatusCodeRange.Exact(400),`
`158`	`160`	`AllowConnectionClose = true`
`159`	`161`	`}`
`160`	`162`	`};`
`@@ -168,7 +170,7 @@ public static IEnumerable<TestCase> GetTestCases()`
`168`	`170`	`PayloadFactory = ctx => MakeRequest($"GET /path#frag HTTP/1.1\r\nHost: {ctx.HostHeader}\r\n\r\n"),`
`169`	`171`	`Expected = new ExpectedBehavior`
`170`	`172`	`{`
`171`		`- ExpectedStatus = StatusCodeRange.Range4xx,`
	`173`	`+ ExpectedStatus = StatusCodeRange.Exact(400),`
`172`	`174`	`AllowConnectionClose = true`
`173`	`175`	`}`
`174`	`176`	`};`
`@@ -186,7 +188,7 @@ public static IEnumerable<TestCase> GetTestCases()`
`186`	`188`	`{`
`187`	`189`	`if (state is ConnectionState.TimedOut or ConnectionState.ClosedByServer)`
`188`	`190`	`return TestVerdict.Pass;`
`189`		`- if (response is not null && response.StatusCode >= 400)`
	`191`	`+ if (response is not null && response.StatusCode == 400)`
`190`	`192`	`return TestVerdict.Pass;`
`191`	`193`	`return TestVerdict.Fail;`
`192`	`194`	`}`
`@@ -202,7 +204,7 @@ public static IEnumerable<TestCase> GetTestCases()`
`202`	`204`	`PayloadFactory = ctx => MakeRequest($"GET / HTTP/1.1\r\nHost: {ctx.HostHeader}\r\nBad[Name: value\r\n\r\n"),`
`203`	`205`	`Expected = new ExpectedBehavior`
`204`	`206`	`{`
`205`		`- ExpectedStatus = StatusCodeRange.Range4xx,`
	`207`	`+ ExpectedStatus = StatusCodeRange.Exact(400),`
`206`	`208`	`AllowConnectionClose = true`
`207`	`209`	`}`
`208`	`210`	`};`
`@@ -216,7 +218,7 @@ public static IEnumerable<TestCase> GetTestCases()`
`216`	`218`	`PayloadFactory = ctx => MakeRequest($"GET / HTTP/1.1\r\nHost: {ctx.HostHeader}\r\nNoColonHere\r\n\r\n"),`
`217`	`219`	`Expected = new ExpectedBehavior`
`218`	`220`	`{`
`219`		`- ExpectedStatus = StatusCodeRange.Range4xx,`
	`221`	`+ ExpectedStatus = StatusCodeRange.Exact(400),`
`220`	`222`	`AllowConnectionClose = true`
`221`	`223`	`}`
`222`	`224`	`};`
`@@ -226,12 +228,11 @@ public static IEnumerable<TestCase> GetTestCases()`
`226`	`228`	`Id = "RFC9110-5.4-DUPLICATE-HOST",`
`227`	`229`	`Description = "Duplicate Host headers with different values must be rejected",`
`228`	`230`	`Category = TestCategory.Compliance,`
`229`		`- RfcReference = "RFC 9110 §5.4",`
	`231`	`+ RfcReference = "RFC 9112 §3.2",`
`230`	`232`	`PayloadFactory = ctx => MakeRequest($"GET / HTTP/1.1\r\nHost: {ctx.HostHeader}\r\nHost: other.example.com\r\n\r\n"),`
`231`	`233`	`Expected = new ExpectedBehavior`
`232`	`234`	`{`
`233`		`- ExpectedStatus = StatusCodeRange.Range4xx,`
`234`		`- AllowConnectionClose = true`
	`235`	`+ ExpectedStatus = StatusCodeRange.Exact(400)`
`235`	`236`	`}`
`236`	`237`	`};`
`237`	`238`
`@@ -244,7 +245,7 @@ public static IEnumerable<TestCase> GetTestCases()`
`244`	`245`	`PayloadFactory = ctx => MakeRequest($"POST / HTTP/1.1\r\nHost: {ctx.HostHeader}\r\nContent-Length: abc\r\n\r\n"),`
`245`	`246`	`Expected = new ExpectedBehavior`
`246`	`247`	`{`
`247`		`- ExpectedStatus = StatusCodeRange.Range4xx,`
	`248`	`+ ExpectedStatus = StatusCodeRange.Exact(400),`
`248`	`249`	`AllowConnectionClose = true`
`249`	`250`	`}`
`250`	`251`	`};`
`@@ -258,7 +259,7 @@ public static IEnumerable<TestCase> GetTestCases()`
`258`	`259`	`PayloadFactory = ctx => MakeRequest($"POST / HTTP/1.1\r\nHost: {ctx.HostHeader}\r\nContent-Length: +5\r\n\r\nhello"),`
`259`	`260`	`Expected = new ExpectedBehavior`
`260`	`261`	`{`
`261`		`- ExpectedStatus = StatusCodeRange.Range4xx,`
	`262`	`+ ExpectedStatus = StatusCodeRange.Exact(400),`
`262`	`263`	`AllowConnectionClose = true`
`263`	`264`	`}`
`264`	`265`	`};`
Original file line number	Diff line number	Diff line change
`@@ -21,8 +21,15 @@ public static IEnumerable<TestCase> GetTestCases()`
`21`	`21`	`},`
`22`	`22`	`Expected = new ExpectedBehavior`
`23`	`23`	`{`
`24`		`- ExpectedStatus = StatusCodeRange.Range4xx,`
`25`		`- AllowConnectionClose = true`
	`24`	`+ CustomValidator = (response, state) =>`
	`25`	`+ {`
	`26`	`+ // Any of these is acceptable: 400, close, or timeout`
	`27`	`+ if (state is ConnectionState.TimedOut or ConnectionState.ClosedByServer)`
	`28`	`+ return TestVerdict.Pass;`
	`29`	`+ if (response is not null && response.StatusCode == 400)`
	`30`	`+ return TestVerdict.Pass;`
	`31`	`+ return TestVerdict.Fail;`
	`32`	`+ }`
`26`	`33`	`}`
`27`	`34`	`};`
`28`	`35`
`@@ -42,8 +49,8 @@ public static IEnumerable<TestCase> GetTestCases()`
`42`	`49`	`{`
`43`	`50`	`if (response is null)`
`44`	`51`	`return state == ConnectionState.ClosedByServer ? TestVerdict.Pass : TestVerdict.Fail;`
`45`		`- // 414 is ideal, but any 4xx is acceptable`
`46`		`- return response.StatusCode >= 400 && response.StatusCode < 600`
	`52`	`+ // 414 is ideal, 400 and 431 are also acceptable`
	`53`	`+ return response.StatusCode is 400 or 414 or 431`
`47`	`54`	`? TestVerdict.Pass`
`48`	`55`	`: TestVerdict.Fail;`
`49`	`56`	`}`
`@@ -66,7 +73,7 @@ public static IEnumerable<TestCase> GetTestCases()`
`66`	`73`	`{`
`67`	`74`	`if (response is null)`
`68`	`75`	`return state == ConnectionState.ClosedByServer ? TestVerdict.Pass : TestVerdict.Fail;`
`69`		`- return response.StatusCode >= 400 && response.StatusCode < 600`
	`76`	`+ return response.StatusCode is 400 or 431`
`70`	`77`	`? TestVerdict.Pass`
`71`	`78`	`: TestVerdict.Fail;`
`72`	`79`	`}`
`@@ -93,7 +100,7 @@ public static IEnumerable<TestCase> GetTestCases()`
`93`	`100`	`{`
`94`	`101`	`if (response is null)`
`95`	`102`	`return state == ConnectionState.ClosedByServer ? TestVerdict.Pass : TestVerdict.Fail;`
`96`		`- return response.StatusCode >= 400 && response.StatusCode < 600`
	`103`	`+ return response.StatusCode is 400 or 431`
`97`	`104`	`? TestVerdict.Pass`
`98`	`105`	`: TestVerdict.Fail;`
`99`	`106`	`}`
`@@ -108,7 +115,7 @@ public static IEnumerable<TestCase> GetTestCases()`
`108`	`115`	`PayloadFactory = ctx => MakeRequest($"GET /\0test HTTP/1.1\r\nHost: {ctx.HostHeader}\r\n\r\n"),`
`109`	`116`	`Expected = new ExpectedBehavior`
`110`	`117`	`{`
`111`		`- ExpectedStatus = StatusCodeRange.Range4xx,`
	`118`	`+ ExpectedStatus = StatusCodeRange.Exact(400),`
`112`	`119`	`AllowConnectionClose = true`
`113`	`120`	`}`
`114`	`121`	`};`
`@@ -126,25 +133,25 @@ public static IEnumerable<TestCase> GetTestCases()`
`126`	`133`	`},`
`127`	`134`	`Expected = new ExpectedBehavior`
`128`	`135`	`{`
`129`		`- ExpectedStatus = StatusCodeRange.Range4xx,`
	`136`	`+ ExpectedStatus = StatusCodeRange.Exact(400),`
`130`	`137`	`AllowConnectionClose = true`
`131`	`138`	`}`
`132`	`139`	`};`
`133`	`140`
`134`	`141`	`yield return new TestCase`
`135`	`142`	`{`
`136`	`143`	`Id = "MAL-INCOMPLETE-REQUEST",`
`137`		`- Description = "Incomplete request line (just 'GET ') should timeout or close, not crash",`
	`144`	`+ Description = "Partial HTTP request — request-line and headers but no final CRLF",`
`138`	`145`	`Category = TestCategory.MalformedInput,`
`139`		`- PayloadFactory = _ => MakeRequest("GET "),`
	`146`	`+ PayloadFactory = ctx => MakeRequest($"GET / HTTP/1.1\r\nHost: {ctx.HostHeader}\r\nX-Test: value"),`
`140`	`147`	`Expected = new ExpectedBehavior`
`141`	`148`	`{`
`142`	`149`	`CustomValidator = (response, state) =>`
`143`	`150`	`{`
`144`	`151`	`// Any of these is acceptable: timeout, close, or 400`
`145`	`152`	`if (state is ConnectionState.TimedOut or ConnectionState.ClosedByServer)`
`146`	`153`	`return TestVerdict.Pass;`
`147`		`- if (response is not null && response.StatusCode >= 400)`
	`154`	`+ if (response is not null && response.StatusCode == 400)`
`148`	`155`	`return TestVerdict.Pass;`
`149`	`156`	`return TestVerdict.Fail;`
`150`	`157`	`}`
`@@ -154,16 +161,16 @@ public static IEnumerable<TestCase> GetTestCases()`
`154`	`161`	`yield return new TestCase`
`155`	`162`	`{`
`156`	`163`	`Id = "MAL-EMPTY-REQUEST",`
`157`		`- Description = "Empty request (just CRLF) should be handled gracefully",`
	`164`	`+ Description = "Zero bytes — TCP connection established without sending any data",`
`158`	`165`	`Category = TestCategory.MalformedInput,`
`159`		`- PayloadFactory = _ => MakeRequest("\r\n"),`
	`166`	`+ PayloadFactory = _ => [],`
`160`	`167`	`Expected = new ExpectedBehavior`
`161`	`168`	`{`
`162`	`169`	`CustomValidator = (response, state) =>`
`163`	`170`	`{`
`164`	`171`	`if (state is ConnectionState.TimedOut or ConnectionState.ClosedByServer)`
`165`	`172`	`return TestVerdict.Pass;`
`166`		`- if (response is not null && response.StatusCode >= 400)`
	`173`	`+ if (response is not null && response.StatusCode == 400)`
`167`	`174`	`return TestVerdict.Pass;`
`168`	`175`	`return TestVerdict.Fail;`
`169`	`176`	`}`
`@@ -186,7 +193,7 @@ public static IEnumerable<TestCase> GetTestCases()`
`186`	`193`	`{`
`187`	`194`	`if (response is null)`
`188`	`195`	`return state == ConnectionState.ClosedByServer ? TestVerdict.Pass : TestVerdict.Fail;`
`189`		`- return response.StatusCode >= 400 && response.StatusCode < 600`
	`196`	`+ return response.StatusCode is 400 or 431`
`190`	`197`	`? TestVerdict.Pass`
`191`	`198`	`: TestVerdict.Fail;`
`192`	`199`	`}`
`@@ -209,7 +216,7 @@ public static IEnumerable<TestCase> GetTestCases()`
`209`	`216`	`{`
`210`	`217`	`if (response is null)`
`211`	`218`	`return state == ConnectionState.ClosedByServer ? TestVerdict.Pass : TestVerdict.Fail;`
`212`		`- return response.StatusCode >= 400 && response.StatusCode < 600`
	`219`	`+ return response.StatusCode == 400`
`213`	`220`	`? TestVerdict.Pass`
`214`	`221`	`: TestVerdict.Fail;`
`215`	`222`	`}`
`@@ -235,7 +242,7 @@ public static IEnumerable<TestCase> GetTestCases()`
`235`	`242`	`},`
`236`	`243`	`Expected = new ExpectedBehavior`
`237`	`244`	`{`
`238`		`- ExpectedStatus = StatusCodeRange.Range4xx,`
	`245`	`+ ExpectedStatus = StatusCodeRange.Exact(400),`
`239`	`246`	`AllowConnectionClose = true`
`240`	`247`	`}`
`241`	`248`	`};`
`@@ -259,7 +266,7 @@ public static IEnumerable<TestCase> GetTestCases()`
`259`	`266`	`},`
`260`	`267`	`Expected = new ExpectedBehavior`
`261`	`268`	`{`
`262`		`- ExpectedStatus = StatusCodeRange.Range4xx,`
	`269`	`+ ExpectedStatus = StatusCodeRange.Exact(400),`
`263`	`270`	`AllowConnectionClose = true`
`264`	`271`	`}`
`265`	`272`	`};`
`@@ -273,7 +280,7 @@ public static IEnumerable<TestCase> GetTestCases()`
`273`	`280`	`$"POST / HTTP/1.1\r\nHost: {ctx.HostHeader}\r\nContent-Length: 99999999999999999999\r\n\r\n"),`
`274`	`281`	`Expected = new ExpectedBehavior`
`275`	`282`	`{`
`276`		`- ExpectedStatus = StatusCodeRange.Range4xx,`
	`283`	`+ ExpectedStatus = StatusCodeRange.Exact(400),`
`277`	`284`	`AllowConnectionClose = true`
`278`	`285`	`}`
`279`	`286`	`};`
`@@ -290,7 +297,7 @@ public static IEnumerable<TestCase> GetTestCases()`
`290`	`297`	`{`
`291`	`298`	`if (state is ConnectionState.TimedOut or ConnectionState.ClosedByServer)`
`292`	`299`	`return TestVerdict.Pass;`
`293`		`- if (response is not null && response.StatusCode >= 400)`
	`300`	`+ if (response is not null && response.StatusCode == 400)`
`294`	`301`	`return TestVerdict.Pass;`
`295`	`302`	`return TestVerdict.Fail;`
`296`	`303`	`}`