You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Found that rest.rs rejects requests with both Content-Length and Transfer-Encoding headers (lines 265-269), but inference.rs does not
inference.rs silently prioritises Transfer-Encoding: chunked and ignores the Content-Length header when both are present (lines 167-178)
Confirmed the gap is not covered by any test — no reject_dual_* test exists in inference.rs, unlike rest.rs which has two
Description
PR #663 added CWE-444 mitigations to the L7 REST proxy path (rest.rs), including rejection of requests containing both Content-Length and Transfer-Encoding headers. The same guard was not applied to the inference request parser (inference.rs).
When both headers are present, the inference parser silently uses chunked transfer-encoding and ignores Content-Length. If an upstream server interprets the request via Content-Length instead, the resulting desynchronisation enables HTTP request smuggling (CWE-444, RFC 7230 Section 3.3.3).
Expected: Requests with both CL and TE headers should be rejected with a 400 Bad Request, matching the REST parser behaviour.
Actual: Requests with both headers are accepted; CL is silently ignored in favour of TE.
Reproduction Steps
Read crates/openshell-sandbox/src/l7/inference.rs, function try_parse_http_request()
Note that after the header parsing loop (line 165), there is no check for is_chunked && has_content_length
Compare with crates/openshell-sandbox/src/l7/rest.rs lines 265-269 which explicitly rejects this case
Agent Diagnostic
crates/openshell-sandbox/src/l7/inference.rsandcrates/openshell-sandbox/src/l7/rest.rsrest.rsrejects requests with bothContent-LengthandTransfer-Encodingheaders (lines 265-269), butinference.rsdoes notinference.rssilently prioritisesTransfer-Encoding: chunkedand ignores theContent-Lengthheader when both are present (lines 167-178)reject_dual_*test exists ininference.rs, unlikerest.rswhich has twoDescription
PR #663 added CWE-444 mitigations to the L7 REST proxy path (
rest.rs), including rejection of requests containing bothContent-LengthandTransfer-Encodingheaders. The same guard was not applied to the inference request parser (inference.rs).When both headers are present, the inference parser silently uses chunked transfer-encoding and ignores Content-Length. If an upstream server interprets the request via Content-Length instead, the resulting desynchronisation enables HTTP request smuggling (CWE-444, RFC 7230 Section 3.3.3).
Expected: Requests with both CL and TE headers should be rejected with a 400 Bad Request, matching the REST parser behaviour.
Actual: Requests with both headers are accepted; CL is silently ignored in favour of TE.
Reproduction Steps
crates/openshell-sandbox/src/l7/inference.rs, functiontry_parse_http_request()is_chunked && has_content_lengthcrates/openshell-sandbox/src/l7/rest.rslines 265-269 which explicitly rejects this caseEnvironment
mainbranch (commit0ac1fbd2)crates/openshell-sandbox/src/l7/inference.rsLogs
N/A — static code analysis finding.
Agent-First Checklist
debug-openshell-cluster,debug-inference,openshell-cli)